Numbered VTIs with 3rd party

Hi guys.

I'd like to create a route based VPN to a 3rd party site. As our Internet facing interface is configured as a bond I need to use numbered VTIs instead of unnumbered.

At the moment it is unclear to me what the local and remote IPs are used for and if the 3rd party needs knowledge about those IPs, i.e. if the remote IP of the numbered VTI e.g. is 192.0.2.1/24 do they need to know and / or do they need to configure the IP on their site somewhere?

Hope this makes any sense,

Frank.

Accepted Solutions

Hi,

You can give any IP addresses for VTIs but they should be defined at both ends. For more clarification, please check the thread below.

 https://community.checkpoint.com/t5/General-Topics/Route-Based-VPN/m-p/34463

 

3 Replies
Sure they do. They have to match the numbered link you defined or there will be no traffic passing through your tunnel.

Thanks. While my post was awaiting moderation I went to the lab and created a route based VPN between a FreeBSD box and Check Point R80.x and I was able to observe the same behaviour: basically for my needs the local and remote IPs don't matter and both parties had no knowledge of the other's configuration wrt the IPs used inside the tunnel.

Routing on Check Point was done via `nexthop gateway logical' and on the FreeBSD site I just routed traffic via its own IP inside the tunnel. Worked flawlessly. I guess I missed your thread because your stated problem was "Traffic is not being encrypted", so I expected a different problem.

Thanks,

Frank.
