Create a Post
Showing results for 
Search instead for 
Did you mean: 

IPv4 traffic over IPv6 IPSec tunnel

I am not sure this is the correct place to address this requirement..

Recently one of my customer had a requirement to create an IPSec tunnel with their partner company, peer side having only IPv6 public IP address and customer having IPv6 and IPv4 public address, and customer and partner side infrastructure network is utilizing IPv4 address scheme. Then we realized this requirement cannot be fulfilled by Checkpoint as of now. So I managed to terminate IPSec using an opensource firewall instance in VM environment and the help of NAT, somehow the solution is provided.

My concern is why checkpoint does not support this feature.  Google quoted that 30% of the internet is using IPv6 at this point of time, so near future most of the ISP connection would be IPv6 only addresses. Big enterprises will adopt IPv6 for their environment but small and medium enterprises will continue with IPv4 addressing for their infrastructure. My prediction is  IPv4 traffic inside an IPv6 IPSec tunnel will be the common use-case within a year or two not to mention some of the customers already started to utilize this technology. 

I hope Checkpoint will release this functionality with upcoming releases.


0 Kudos
1 Reply

We can do separate tunnels with IPv4 and IPv6, but currently can’t tunnel one in the other.
I recommend engaging with your local Check Point office around this requirement.

0 Kudos