This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TINTIN8
Participant
2 weeks ago
Jump to solution

R82 Site to Site VPN with third party Router

Hi Checkpoint Gurus

I'm trying to set up a site-to-site VPN with a third-party GW (Router). In the new R82, it looks like there is a feature called "Enhanced link selection."

In my GW object, I've defined the External interface as Enhanced Link Selection. But realistically, we don't know how third-party devices are configured. All we do is exchange the security parameters with the given IP address and accept the interesting traffic.

The problem is that I cannot set up my VPN community in Enhanced mode without defining an Enhanced link selection on the third-party object. This doesn't make sense.

The error message says, "The VPN Community is configured to use "Enhanced Link Selection. "At least one VPN peer does not have configured interfaces. You must configure Enhanced Link Selection Interfaces in each VPN peer object."

Please refer to the attached pictures.

We cannot define interface details on third-party objects, and it's not practical to ask our vendors for this information.

Your help is much appreciated!!!

 

Enhance Link Selection page-Checkpoint GW.JPG
Preview file
62 KB
Interoperable device-1.JPG
Preview file
42 KB
Error.JPG
Preview file
96 KB
Interoperable device-2.JPG
Preview file
86 KB
0 Kudos
2 Solutions

Accepted Solutions
the_rock
Legend
Legend
2 weeks ago
In response to TINTIN8
Jump to solution

Please see attached.

Andy

View solution in original post

Screenshot_2.png
Preview file
108 KB
Screenshot_1.png
Preview file
321 KB
Screenshot_3.png
Preview file
370 KB
Screenshot_4.png
Preview file
367 KB
the_rock
Legend
Legend
2 weeks ago
In response to PhoneBoy
Jump to solution

@TINTIN8 Hopefully screenshots I sent are good enough, but if not, let me know.

Andy

View solution in original post

0 Kudos
8 Replies
the_rock
Legend
Legend
2 weeks ago
Jump to solution

I did this in my R82 lab, will send you some screenshots tomorrow. Error is telling you that peer link selection is incorrect, thats why.

Andy

0 Kudos
the_rock
Legend
Legend
2 weeks ago
In response to TINTIN8
Jump to solution

Please see attached.

Andy

Screenshot_2.png
Preview file
108 KB
Screenshot_1.png
Preview file
321 KB
Screenshot_3.png
Preview file
370 KB
Screenshot_4.png
Preview file
367 KB
TINTIN8
Participant
2 weeks ago
In response to the_rock
Jump to solution

Thank you soooo much!!! it worked!!!

PhoneBoy
Admin
Admin
2 weeks ago
Jump to solution

For interoperable objects, the interface name doesn't have to match what the remote end actually uses.
You can use something generic like eth0.
The important thing is that interfaces are defined with the correct IP addresses.

the_rock
Legend
Legend
2 weeks ago
In response to PhoneBoy
Jump to solution

@TINTIN8 Hopefully screenshots I sent are good enough, but if not, let me know.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top