Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant

VPN to third party in an ISP HA configuration with probing enabled

OK so this is a question regarding the Identity the checkpoint sends in packet 5 of the phase 1 communication when establishing a VPN. Specifically when the firewall has ISP redundancy configured in probing mode and you want to establish a backup VPN to a third party vendor

According to sk57441 this IP address used as identity in packet 5 is defined using the configuration under IPSec VPN -> Link selection. Now the situation I have is the customer has a large VPN mesh configured and naturally has probing enabled to support the ISP redundancy. The also have a VPN to the third party to support there services. The problem is that when probing option is enabled for link selection it always uses the primary interface IP address as the ID in packet 5. In the mesh where all gateways are managed by the central manager this is not a problem but third party devices do not support this. 

Has any one come across this situation before and have a solution or is this a by design feature?

0 Kudos
1 Reply
Highlighted
Admin
Admin

0 Kudos