
IPsec VPN termination on Loopback interfaces -R80.40

Hi Team,

I am planning to create loopback interfaces on my HA cluster with the same public IP to terminate the IPsec VPN tunnels. It is required as I have a private IP address on the external interface and I don't want to NAT the IP on the Internet router.

Questions:

1. Is that setup feasible? Shall I give the same public IP on both members, as loopback interfaces are not part of the cluster?

2. How would I choose the loopback interface IP as a peer IP? Under Gateway Cluster properties -> IPsec VPN -> Link Selection I don't see an option to set this IP to be used as the VPN peer IP for my third parties.

3. How does this loopback interface choose physical interfaces to route its traffic?

 

Regards

Anshu Bathla

Leader

@ab 

1. Is that setup feasible? Shall I give the same public IP on both members, as loopback interfaces are not part of the cluster?

That's not possible for your needs. You have to create a dummy cluster-interface. The members are assigned private IPs and the VIP will be your public IP.

With this configuration you can choose your public IP in all the needed sections in VPN link selection.

Wolfgang

 

Explorer

Thanks Wolfgang,

Shall I consider that, as of now, terminating the IPsec VPN is not at all possible on loopback interfaces on Check Point firewalls?

Admin

Just set the Link Selection IP to a static IP which does not have to be associated with a gateway interface at all.

Explorer

Hi Anshu,

We also have the same requirement. Were you able to make it work with the dummy cluster interface? Please share your feedback.
