This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
950117ec-6722-4
Explorer
‎2018-10-31 08:09 AM

Peer to same remote from VX-environment.

Hi ! I have problem with VPN tunnel in a VSX environment, I would like to build two VPN tunnel to the same remote peer-adress from two different VS, is that supported ?

My gateway-server is on 77.30 and the management-server on 80.10.

It look good from the beginning and booth of the tunnel rise, but after a while one of them goes down and

get "authentication failure" when the remote side tried to connect.   

The remote peer that I would like to peer with is located on a Juniper, Junos firewall.

Thank you for some help.

/Yngve  

0 Kudos
7 Replies
Vladimir
Champion
Champion
‎2018-10-31 06:18 PM

Do your VS' have unique public IPs assigned to their external interfaces or are they behind common VSwitch or external router being NATed to the same public IP?

0 Kudos
950117ec-6722-4
Explorer
‎2018-11-01 12:55 AM

Booth of the VS have unique ip-addresses and are connected with a common VSwitch to Internet.

0 Kudos
950117ec-6722-4
Explorer
‎2018-11-01 01:18 AM

Some more information,

we use the same "Interoperable Device" object as gateway in two different VPN community type meshed and we don't use Multi domain management. Hopefully I describe the setup on this case. I have not yet tried

this setup to other vendors than Juniper, I will try to use a Cisco ASA but it looks that it should be some problem

in my CP environment.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2018-11-01 08:53 AM
In response to 950117ec-6722-4

Are the 2 tunnels built in 1 community or in the same?

I would build 1 star community with the remote site as a center and set VPN routing to from satelite to center only.

This way you have 1 PSK for both tunnels, I have a customer running this type of setup with some different appliances to Amazon (although they are not VS's).

Regards, Maarten
0 Kudos
950117ec-6722-4
Explorer
‎2018-11-02 12:23 AM

We have 2 separate community, because there are different company in each VS and they should not be dependent to each other.  But maybe I can build this as one community and deny traffic between the two satellite.

But does any know if my setup would bee possible, we are going to use MDM in a feature and does that change any in this case?

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2018-11-02 06:31 AM
In response to 950117ec-6722-4

This is why I said, build a Star with the REMOTE gateway as the CENTER, you can disallow traffic from one to the other VS.

Regards, Maarten
0 Kudos
950117ec-6722-4
Explorer
‎2018-11-02 01:58 AM

But, when I build a start community I have only one of my VS that are the center gateway and if that one goes down the

traffic from the satellite to the other VS does not work.

A picture for no misunderstanding.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events