Bernardes
Advisor

How to configure VPN IPSEC Site-to-Site with multiple Virtual IPs?

Hello Mates!

 

Let me explain the scenario... We have a big customer that has a CloudGuard cluster. This cluster is behind an OCI (Oracle Cloud Infrastructure). This OCI manages IPs from public to private, and the gateway just sees the private IPs.

My gateway interfaces are like this:

[Image: image_2022-11-29_121241033.png]

This customer has many ranges of public IPs, so that each peer partner will use one of these public IPs to establish the VPN tunnel.

My doubt is: How can I configure all these IPs on the CP side so that it can respond for all partners, each one with a different IP?

Normally, in the VPN link selection, we set an IP that will respond to all partners.

Is it supported on Check Point?

Any advice?

Thank you!

3 Replies
PhoneBoy
Admin

Can you directly specify what peer uses what IP for Link Selection? No.
It would have to be done with routing, which given this scenario, may not be an option. 

Bernardes
Advisor

Hello @PhoneBoy. How could I use routing to do this?

I tried to search for documentation to help me with this configuration, but I guess I'm not searching for the right keywords.

Is there any way to make this work?

PhoneBoy
Admin

You can read all about Link Selection here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Con...

A routing configuration would assume that the public IPs were available on the interface the traffic is routed out.
Since everything on your gateways is private IPs, this will most definitely not work since the gateway won’t know what the public IP is on that interface.
