Contributor

Multiple Satellite Gateways - VPN Setup

Hi all,

Could anyone help me out at all? Even if there's a guide I've missed, or a CheckMates post already on this (I did search, but only found some questions vaguely similar) that'd be great.

I am wanting to set up 2 VPN Tunnels/1 Community
A Side (Me) - Check Point Sec GW R80.10
B Side - 2 x AWS Cloud GWs

We've had "Tunnel 1" set up already, and when we put traffic through it, it did work. So that should be fine.
Struggling with how to set up "Tunnel 2".

The only differences between Tunnel 1 and Tunnel 2:
IPs are not the IPs in use, just examples which reflect the same scenario -

T1:
Outside Customer GW: 28.226.247.191
Outside Virtual GW: 28.200.211.101
Inside Customer GW: 159.254.87.40/30
Inside Virtual GW: 159.254.87.39/30
Next Hop: 159.254.87.39
T2:
Outside Customer GW: 28.226.147.191
Outside Virtual GW: 28.203.110.6
Inside Customer GW: 159.254.184.96/30
Inside Virtual GW: 159.254.184.95/30
Next Hop: 159.254.184.95


So a Star Community?
Center - My Cluster object
Satellites - Both Interoperable devices?
Tunnel - Per subnet pair or Per gateway pair?
VPN Routing - Center only?

In the Interoperable device -
IP: Outside Virtual Private Gateway IP?
Topology: Manually defined ENC domain (group to be empty?)


I appreciate any input in advance.


Thanks,
Ben

Champion
First and foremost important question: Is this Route based VPN where Tunnel 2 is the backup to Tunnel1?
Regards, Maarten
Contributor

Hi Maarten,

Sorry yes, the 2nd tunnel is to be used for redundancy.

Thanks

Contributor
That guide looks comprehensive, and mentions Tunnel 1 / Tunnel 2. It does advise how to set up BGP, which was another question I had: whether BGP was needed or not. Happy to try this. Thank you very much!
Admin

Hi,

It depends on your needs. You can either do two communities, or a single star with your physical cluster in the center and some optional VPN routing between satellites. Center only means traffic between satellites will not be passing through.

Use per pair of GWs, as recommended here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

