This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bernardes
Advisor
Advisor
‎2022-11-29 07:13 AM
Jump to solution

How to configure VPN IPSEC Site-to-Site with multiple Virtual IPs?

Hello Mates!

 

Let me explain the scenario... We have a big customer that has a cloudguard cluster. This cluster is behind of an OCI (Oracle Cloud Infrastructure) . This OCI manage IPs from public to private and the gateway just see the private IPs.

My gateway interfaces is like this:

image_2022-11-29_121241033.png

This customer has many ranges of public IPs, so that each peer partner will use one of these public IPs to establish the VPN tunnel.

My doubt is: How can I configure all these IPs on the CP side so that it can respond for all partners, each one with a different IP?

Normally, in the VPN link selection, we set an IP that will respond to all partners.

Is it supported on Check Point?

Any advice?

Thank you!

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-11-29 06:36 PM
In response to Bernardes
Jump to solution

You can read all about Link Selection here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Con...

A routing configuration would assume that the public IPs were available on the interface the traffic is routed out.
Since everything on your gateways is private IPs, this will most definitely not work since the gateway won’t know what the public IP is on that interface.

View solution in original post

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2022-11-29 12:41 PM
Jump to solution

Can you directly specify what peer uses what IP for Link Selection? No.
It would have to be done with routing, which given this scenario, may not be an option. 

0 Kudos
Bernardes
Advisor
Advisor
‎2022-11-29 02:52 PM
In response to PhoneBoy
Jump to solution

Hello @PhoneBoy . How could I use routing to make this?

I try to search for any documentation to help me with this configuration, but I guess that I'm not searching for the right keywords.

Have any way to make this work?

0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-29 06:36 PM
In response to Bernardes
Jump to solution

You can read all about Link Selection here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Con...

A routing configuration would assume that the public IPs were available on the interface the traffic is routed out.
Since everything on your gateways is private IPs, this will most definitely not work since the gateway won’t know what the public IP is on that interface.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events