This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sunil_Mishra
Employee Alumnus
Employee Alumnus
‎2018-12-12 01:14 AM

VPN tunnel with Dynamic IP address.

Hi,

Can we create a VPN tunnel between HO and Branch where HO is having static IP address and branch location is having dynamic IP address (Broadband Connection)?

Thanks.

0 Kudos
4 Replies
Andreas_Aust
Collaborator
‎2018-12-12 01:29 AM

Yes, you can.

0 Kudos
Sunil_Mishra
Employee Alumnus
Employee Alumnus
‎2018-12-12 01:38 AM

Thank you Andreas, are you aware about any SK or documents ?

0 Kudos
Andreas_Aust
Collaborator
‎2018-12-12 01:52 AM
In response to Sunil_Mishra

Dynamically Assigned IP Security Gateways
A Dynamically Assigned IP (DAIP) Security Gateway is a Security Gateway where the external interface's IP
address is assigned dynamic
ally by the ISP. Creating VPN tunnels with DAIP Security Gateways are only
supported by using certificate authentication. Peer Security Gateways identify internally managed DAIP
Security Gateways using the DN of the certificate. Peer Security Gateways iden
tify externally managed
DAIP Security Gateways and 3rd party DAIP Security Gateways using the
Matching Criteria
configuration
DAIP Security Gateways may initiate a VPN tunnel with non
-DAIP Security Gateways. However, since a
DAIP Security Gateway's external IP address is always changing, peer Security Gateways cannot know in
advance which IP address to use to connect to the DAIP Security Gateway. As a result, a peer Security
Gateway cannot initiate a VPN tunnel with a DAIP Security Gateway unless DNS Resolv
ing is configured on
the DAIP Security Gateway. For more information, see Link Selection
(on page 96).
If the IP on the DAIP Security Gateway changes during a session, it will renegotiate IKE using the newly
assigned IP address.
In a star community when VPN routing is configured, DAIP Security Gateways cannot initiate connections
from their external IP through the center Security Gateway(s) to other DAIP Security Gateways or through
the center to the Internet. In this configuration, connections from the encryption domain of the DAIP are
supported.
0 Kudos
Danny
Champion Champion
Champion
‎2018-12-12 01:50 AM

HowTo Set Up Certificate Based VPNs with Check Point Appliances

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events