Satyam1
Participant

Site to Site VPN with one public IP

Hi Guys,

My company has three branch offices in different locations. We have a Checkpoint Firewall at our main office. I wanted to create a site-to-site VPN between my main branch and one other location. My main branch has a public IP but my other branch doesn't. Someone told me that we can create a site-to-site VPN tunnel with one public IP and one dynamic IP too. I am not too sure, so can anyone please confirm whether this is possible? Thank you a lot in advance.

0 Kudos
3 Replies
PhoneBoy
Admin

What kind of gateway is at the remote site?
In general, this can be done, but:

  • VPN must be authenticated with certificates (not supported with PSK)
  • Remote end is defined as Dynamic IP (in the relevant gateway object)
the_rock
Champion

PhoneBoy gave you an answer that exactly describes what you need to do. Sadly, this would never ever work with a pre-shared key, so you definitely must use the cert. And if I'm not mistaken, though PhoneBoy can correct me, when you create an interoperable object, yes, you define it as DAIP, but I believe you also must define the certificate authority there as well.

0 Kudos
PhoneBoy
Admin

That’s part of the VPN Community definition, I believe.

0 Kudos