Sergio_Afonso_C
Participant

IPSec ikev2

Has anyone configured a lan2lan tunnel with just ikev2? I have a problem with the IDi that is presented to the remote peer (it presents the private IP), and I do not know if it can be changed / forced to be the public IP without changing the main IP of the cluster. I cannot disable NAT-T because I have other IPSec tunnels working well with ikev1.

This issue is only with V2.

Thank you!

6 Replies
Maarten_Sjouw
Champion

The option you are looking for is Link Selection; in the cluster object you need to set the outside interface as the primary IP to be used for building VPNs.

Regards, Maarten
Sergio_Afonso_C
Participant

Hi, this option is only used to set the tunnel. I can establish phase 1 with the correct IP, but in phase 2 the IDs are still the private IP. I have tested all options :(

Thank you

On 1 Dec 2018 14:59, Maarten Sjouw <donotreply@checkpoint.com> wrote:


Steve_Vandegaer
Contributor

Did you get this resolved? I have the same issue.

0 Kudos
Sergio_Afonso_C
Participant

No, it was impossible. In the end I did it with ikev1.

--

Regards

Sergio

From: Steve Vandegaer <donotreply@checkpoint.com>

Sent: Wednesday, 23 January 2019 13:40

To: Sergio Afonso Coderch <sergioafonso.coderch@satec.es>

Subject: Re: - Re: IPSec ikev2


Steve_Vandegaer
Contributor

Thanks for the fast response.

0 Kudos
Peter_Baumann
Contributor

I think it's better to use IKEv1...

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

  • In some less common conditions, Check Point IKEv2 IPsec VPN up to R80.30 may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server.
0 Kudos
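
The mismatch discussed in this thread, as an added example that is not part of any post and is not Check Point code: a parser for the IKEv2 Identification payload (RFC 7296, section 3.5) that reports when an IDi is an RFC 1918 address, differs from the source address the remote peer sees, or differs from the ID the peer is configured to expect. The function names, sample bytes and addresses are constructed for illustration.

```python
import ipaddress
import struct

# ID Type values from RFC 7296, section 3.5
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_RFC822_ADDR",
            5: "ID_IPV6_ADDR", 9: "ID_DER_ASN1_DN", 10: "ID_DER_ASN1_GN",
            11: "ID_KEY_ID"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_id_payload(payload: bytes):
    """Parse one decrypted IDi/IDr payload, generic payload header included."""
    if len(payload) < 8:
        raise ValueError("payload shorter than its 8 fixed octets")
    _next, _flags, length, id_type = struct.unpack("!BBHB", payload[:5])
    if length != len(payload):
        raise ValueError("Payload Length field does not match the buffer")
    data = payload[8:]  # octets 5-7 are RESERVED
    name = ID_TYPES.get(id_type, f"unknown({id_type})")
    if id_type in (1, 5):
        if len(data) != (4 if id_type == 1 else 16):
            raise ValueError("address length does not match the ID type")
        value = str(ipaddress.ip_address(data))
    elif id_type in (2, 3):
        value = data.decode("ascii", errors="replace")
    else:
        value = data.hex()
    return name, value

def check_peer_id(payload: bytes, observed_src: str, expected_id: str):
    """Return (type, value, findings) for an ID payload as the responder sees it."""
    name, value = parse_id_payload(payload)
    findings = []
    if name == "ID_IPV4_ADDR":
        if any(ipaddress.ip_address(value) in net for net in RFC1918):
            findings.append("ID is an RFC 1918 address")
        if value != observed_src:
            findings.append("ID differs from the packet source address")
    if value != expected_id:
        findings.append("ID does not match the configured peer ID")
    return name, value, findings

# Constructed samples: next payload 39 (AUTH), length 12, ID_IPV4_ADDR.
IDI_PRIVATE = bytes.fromhex("2700000c" "01000000" "0a010101")  # 10.1.1.1
IDI_PUBLIC = bytes.fromhex("2700000c" "01000000" "cb00710a")   # 203.0.113.10

if __name__ == "__main__":
    for sample in (IDI_PRIVATE, IDI_PUBLIC):
        print(check_peer_id(sample, "203.0.113.10", "203.0.113.10"))
```
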
