This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ofirshemer
Explorer
‎2020-12-13 11:10 PM

Multi IPsec tunnels with different ISP without redundancy, with the same encryption domain

Hi all,

 

I want to implement Multi IPsec tunnels with different ISP without redundancy.

The meaning is that I will have IPsec from FW-Branch to FW-HQ with ISP-A and IPsec from FW-Branch to FW-Internet with ISP-B.

On the branch site, it will be the same encryption domain(192.168.200.0/24)

 

All the FWs running R80.30

Any suggestions?

 

Preview file
26 KB
0 Kudos
5 Replies
ofirshemer
Explorer
‎2020-12-13 11:14 PM

@BarGab 

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-12-14 12:15 AM

What is the question ? This does not work for you ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
ofirshemer
Explorer
‎2020-12-14 12:24 AM

Hi Albert
When I am creating the IPsec tunnels it's using ISP-A IP (80.10.10.1) for the tunnels.
I want to separate the sources.

For IPSEC-1 I will use ISP-A IP - 80.10.10.1 (from FW-Branch to FW-Internet).

For IPSEC-2 I will use ISP-B IP -160.10.10.1 (from FW-Branch to FW-HQ).

It must be without redundancy, if ISP-A is down I cannot access FW-Internet

 

Thank you

 

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-12-14 04:31 AM
In response to ofirshemer

Yes, ok, but what is your issue ? Does it not work for you ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
ofirshemer
Explorer
‎2020-12-14 05:09 AM

Hey Albert,
Currently is not working,
I desire to create 2 separate IPSEC tunnels on FW-Branch.
One tunnel with the source IP address of 160.10.10.1
And second IPSEC tunnel with source IP address of 80.10.10.1
Each tunnel with an encryption domain of 192.168.200.0/24.
Currently, both tunnels are with source 160.10.10.1, and this is not what I want, because when eth1 is down I lose both of my tunnels.
And I can not create another object because I can not assign the same encryption domain to different objects.

Hope it’s clearer now.
Thank you.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events