
Checkpoint 5400 with secondary internet

How can I configure the Check Point with secondary internet? The interface part only lets me enter the IP address and subnet. How about the gateway and its new set of DNS? I want to set the secondary internet for IPsec VPN only. I searched for posts for whole days but in vain. THX

0 Kudos
7 Replies
Gold

Timothy,

Are you talking about two internet connections?

Normal configuration for two ISPs will be configured via ISP redundancy:

ISP-redundancy.PNG

And via VPN link selection you can configure one of the external links as the main IP for the IPsec tunnel.

Wolfgang

0 Kudos

Thank you for your reply. I will try that later. But is it that I don't need to configure the static routing option in the web? And can I configure 1 VPN with the primary line and the second VPN with the backup line?

0 Kudos
Gold

Timothy,

The link selection configuration is effective for all VPN connections; you can't configure it differently for different VPNs.

Can you please explain your question about configuring routing in more detail?

Wolfgang

0 Kudos

I configured the ISP redundancy in SmartConsole, but in the web "static route" I can only see the "default" route with a single gateway to the first ISP. How about the second ISP gateway? Or do I not need to care about it once the ISP redundancy is set in SmartConsole? THX

0 Kudos
Gold

The default gateways for the ISPs are set via SmartConsole.

Wolfgang

ISP-redundancy_gateway.PNG

0 Kudos

We have set up ISP redundancy and it seems to work because we can connect to the 2nd ISP IP with SmartConsole. However, the VPN is not working, even though I have chosen the "Selected address from topology table" IP to be the 2nd ISP IP. The log from the other side's firewall reported "IKE Initiator: Proposed IKE ID mismatch" and a further log shows "VPN Policy: VPN_Office2; Local ID: 2nd ISP IP; Remote ID: 1st ISP IP". The Check Point is still answering with the 1st ISP IP as an ID. Changing back to the 1st ISP IP, it works again of course. How come? THX

0 Kudos
Sapphire

I would suggest consulting the R80.30 Site to Site VPN Administration Guide, p. 40ff - Link Selection!