
Multi Entry point configuration(MEP) addition into existing primary and secondary tunnel

Multi Entry point (MEP) with externally managed gateways as central gateways in star community.

Scenario:

Please go through the attached diagram.

Existing tunnels: primary from FW A to FW C

Secondary from FW B to FW C

Presently using NAT IPs to connect through the secondary tunnel.

As the client segment size has increased to /16 and NAT cannot be done, and due to internal WAN conflicts, a new FW D is placed.

The requirement is to add a new FW D and build MEP to the externally managed gateways FW A and B, which have existing tunnels to communicate with client FW C.

A and B are externally managed gateways. Is it possible to do this using MEP up to the hub location FWs A and B for failover, and after that take the existing tunnel from FW A and B? Please find the attached diagram.

Please share some thoughts if anybody has done MEP.

Admin

Re: Multi Entry point configuration(MEP) addition into existing primary and secondary tunnel

Your diagram and your text contradict each other.

Your text above says GW A and B are externally managed.

Firewall C is listed as an interoperable device in your diagram--which also implies externally managed.

Which gateways are managed by you in this diagram?

Is your expectation for hosts behind Firewall D to also reach hosts behind Firewall C through the VPN with A and B?


Re: Multi Entry point configuration(MEP) addition into existing primary and secondary tunnel

Hi,

Thanks for the query.

FW A, B and D are managed by us, but unfortunately all 3 are under different managements, meaning 3 different managements. A and B are hub location firewalls and have existing tunnels with an interoperable device.

So the requirement is for auto-failover to happen in the tunnel towards A and B from FW D, and to reach FW C (managed outside the organization) without an outage.

For the firewall D gateway, FW A and B are externally managed gateways.

Hope this makes it clear.


Thanks,

Giridhar

Admin

Re: Multi Entry point configuration(MEP) addition into existing primary and secondary tunnel

Thanks, it makes it much clearer.

How is the VPN between A>C and B>C done today?

Is it done with route-based VPNs or are you using regular communities with fixed encryption domains?


Re: Multi Entry point configuration(MEP) addition into existing primary and secondary tunnel

Hello,

A to C and B to C are regular fixed community VPNs.

As MEP probing is done using port 259, does that port need to be enabled between gateways D and A, and also D and B?


Admin

Re: Multi Entry point configuration(MEP) addition into existing primary and secondary tunnel

I know MEP only works with Check Point VPN endpoints (which means it's not relevant for A>C or B>C).

What I don't know is whether or not it works with externally managed Check Point gateways.

In which case you may need to do this with route-based VPNs.


Re: Multi Entry point configuration(MEP) addition into existing primary and secondary tunnel

It works with externally managed Check Point gateways. Yes, route-based VPNs are the only option with other vendors for auto-failover.
