Di_Junior
Advisor

Check Point VPN with same Encryption Domain with different Peers

Dear Mates

I am currently doing a migration of a Cisco ASA to Check Point. Everything is going well so far, but I need to migrate the VPN tunnels. Currently with Cisco they have two VPN tunnels (Active/Standby) with different peer addresses but the same encryption domain for both tunnels.

Is it possible to have the same scenario using Check Point when you have VPN tunnels with two different peers but the same encryption domain?

Example:

Peer A

IP: 10.10.0.1

Encryption Domain: 192.168.10.0/24

Peer B

IP: 10.10.2.1

Encryption Domain: 192.168.10.0/24

 

Check Point

IP address: X.X.X.X

Encryption Domain: 172.16.0.2/24

 

Thanks in advance

 

0 Kudos
5 Replies
_Val_
Admin

The term you are looking for is MEP - Multiple Entry Point VPN.

Look for MEP in the documentation: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_SitetoSiteVPN_AdminGuide/Con...

0 Kudos
Di_Junior
Advisor

Hi Val

Thanks for your help.

I am referring to a scenario with a single security gateway and two different peers from a partner. As per the definition below, MEP is not the solution to my problem.

"MEP environment has two or more Security Gateways both protecting and enabling access to the same VPN domain, providing peer Security Gateways with uninterrupted access."

 

0 Kudos
_Val_
Admin

I fail to understand.

You have two different GWs providing access to the same VPN domain. The fact those GWs and that domain are on your VPN partner side, how does it change the situation?

0 Kudos
Di_Junior
Advisor

I am only in control of one security gateway (Check Point), the peers are our partners and they use Cisco. 

0 Kudos
Daniel_Westlund
Collaborator

I believe we can do MEP in this scenario. Create a Star Community and put both Ciscos in the center of the star, and your Check Point in the spoke, and then check the Enable MEP checkbox. I have the same scenario and am going to try it when the partner is ready.

0 Kudos
