Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Gomboragchaa
Advisor

Dynamic Multipoint VPN

Does Checkpoint has any DMVPN solution? We need DMVPN solution. As far as I know, CP VPN solution is different from other vendors.

Topology

Spoke A and Spoke B hasn't direct VPN connection.
Spoke A and Spoke B gateways are both connected IPSec VPN with HUB site.

Requirment:

Spoke A must to connect Hub and Spoke B network


If all gateways are Checkpoint, Is it possible?
If Spoke A gateway has Fortigate, Is it possible?

0 Kudos
Reply
5 Replies
Vladimir
Champion
Champion

If all gateways are Check Point, you can use Meshed Community:

Site to Site VPN R80.10 Administration Guide 

If one of the gateways is a 3rd party device, you theoretically, can configure a route based VPN and use routing protocols on top of those, but it is a bit unwieldy:

 

Gomboragchaa
Advisor

Thank you for response.

But in this case, We cannot create direct VPN between Spoke A and Spoke B. 

I haven't any experience on Route Based VPN.

Route Based VPN possible to provide requirement?

0 Kudos
Reply
Petr_Hantak
Advisor

You can also use Star community settings with updated VPN routing.

VPN routing

Gomboragchaa
Advisor

Thank you Petr Hantak‌.

Do you have any clue to if only center gateway is Check Point?

0 Kudos
Reply
Petr_Hantak
Advisor

Yes, the central gateway must be Check Point managed by you. See also Site to Site VPN R80.10 Administration Guideas Vladimir Yakovlev mentioned. Chapter "Configuring VPN Routing in Domain Based VPN" could explain it more.

0 Kudos
Reply