fab
Participant

Numbered VTIs with 3rd party

Hi guys.

I'd like to create a route based VPN to a 3rd party site. As our Internet facing interface is configured as a bond I need to use numbered VTIs instead of unnumbered.

At the moment it is unclear to me what the local and remote IPs are used for and whether the 3rd party needs knowledge of those IPs, i.e. if the remote IP of the numbered VTI is e.g. 192.0.2.1/24, do they need to know it and/or do they need to configure the IP on their site somewhere?

Hope this makes any sense,

Frank.

0 Kudos
1 Solution

Accepted Solutions
Gaurav_Pandya
Advisor

Hi,

You can give any IP addresses for VTIs, but they should be defined at both ends. For more clarification, please check the thread below.

 https://community.checkpoint.com/t5/General-Topics/Route-Based-VPN/m-p/34463

 


0 Kudos
3 Replies
Hugo_vd_Kooij
Advisor
Sure they do. They have to match the numbered link you defined or there will be no traffic passing through your tunnel.
<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
fab
Participant

Thanks. While my post was awaiting moderation I went to the lab and created a route based VPN between a FreeBSD box and Check Point R80.x and I was able to observe the same behaviour: basically for my needs the local and remote IPs don't matter and both parties had no knowledge of the other's configuration wrt the IPs used inside the tunnel.

Routing on Check Point was done via `nexthop gateway logical` and on the FreeBSD site I just routed traffic via its own IP inside the tunnel. Worked flawlessly. I guess I missed your thread because your stated problem was "Traffic is not being encrypted", so I expected a different problem.

Thanks,

Frank.

0 Kudos
