Hello Folks
Please find my requirement below.
Scenario:
The customer is using a Juniper Firewall (local) placed behind a load balancer that uses two ISP links, TATA and Airtel, for VPN. The Juniper Firewall is connected to the load balancer on a single interface (private IP). Meanwhile, the peer end is a Cisco ASA Firewall with a single ISP link for VPN communication.
The VPN configured between the Juniper Firewall and the Cisco ASA has link redundancy, i.e. the 2 ISP links (TATA and Airtel) of the load balancer are NATed to the Juniper firewall's external interface IP (private), and on the peer side the Cisco ASA firewall is configured to probe these 2 public IPs as shown in the diagram below.
Workflow:
TATA is the primary ISP link of the load balancer for the VPN traffic; when the TATA ISP link goes down, the VPN tunnel fails over to the Airtel link.
Topology 1
Query:
Now, in place of the Juniper, we are going to replace it with a Check Point Firewall (Model: 5900, Mode of deployment: Cluster, OS: Gaia, Version: R80.30).
So can we achieve the same VPN link redundancy between Check Point and Cisco with Check Point's single interface behind a NATed device (load balancer with 2 ISP links)? If so, then how?
Topology 2
Assuming the first option is not possible, can we achieve the same requirement when the 2 public IPs are directly terminated on the Check Point and the peer Cisco ASA is configured to probe these 2 public IPs? If so, then how?
Topology 3