Re: Redundant VPN with Third Party

Shurik · ‎2024-02-06

Hello folks,

I am not able to figure out how to create a redundant site to site VPN tunnel... I tried a few different options, no luck so far.

Our client have two ISPs connected to the same firewall (3rd party). On my side it will be one endpoint.

I am looking for an instant (or almost instant) failover in case there is an issue with any of client's internet circuits.

From your experience, what will be the best way to accomplish it?

Thanks!

PhoneBoy · ‎2024-02-06

You need to configure MEP.
See: https://support.checkpoint.com/results/sk/sk164355

Shurik · ‎2024-02-06

Thank you! How good it's working with 3rd party?

At this point I don't know what will be the client's firewall vendor.

PhoneBoy · ‎2024-02-06

Most of the interoperability issues that occur with third-party VPN gateways occur with getting the VPN established.
The MEP piece is pretty straightforward.

Shurik · ‎2024-02-07

Thanks!

So in my case I'm going to configure two remote client's firewalls as center gateways and my gateway as satellite, right?

PhoneBoy · ‎2024-02-07

That sounds correct.

Shurik · ‎2024-02-07

btw, will I see the same source IP, if the traffic is coming over the primary or secondary tunnel?

the_rock · ‎2024-02-06

Keep in mind, MEP means you have multiple center gateways, so should not matter what 3rd party fw is.

Andy

Are you a member of CheckMates?

Redundant VPN with Third Party