cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Dynamic Multipoint VPN

Does Checkpoint has any DMVPN solution? We need DMVPN solution. As far as I know, CP VPN solution is different from other vendors.

Topology

Spoke A and Spoke B hasn't direct VPN connection.
Spoke A and Spoke B gateways are both connected IPSec VPN with HUB site.

Requirment:

Spoke A must to connect Hub and Spoke B network


If all gateways are Checkpoint, Is it possible?
If Spoke A gateway has Fortigate, Is it possible?

0 Kudos
5 Replies
Vladimir
Pearl

Re: Dynamic Multipoint VPN

If all gateways are Check Point, you can use Meshed Community:

Site to Site VPN R80.10 Administration Guide 

If one of the gateways is a 3rd party device, you theoretically, can configure a route based VPN and use routing protocols on top of those, but it is a bit unwieldy:

 

Re: Dynamic Multipoint VPN

Thank you for response.

But in this case, We cannot create direct VPN between Spoke A and Spoke B. 

I haven't any experience on Route Based VPN.

Route Based VPN possible to provide requirement?

0 Kudos
Petr_Hantak
Silver

Re: Dynamic Multipoint VPN

You can also use Star community settings with updated VPN routing.

VPN routing

Re: Dynamic Multipoint VPN

Thank you Petr Hantak‌.

Do you have any clue to if only center gateway is Check Point?

0 Kudos
Petr_Hantak
Silver

Re: Dynamic Multipoint VPN

Yes, the central gateway must be Check Point managed by you. See also Site to Site VPN R80.10 Administration Guideas Vladimir Yakovlev mentioned. Chapter "Configuring VPN Routing in Domain Based VPN" could explain it more.

0 Kudos