Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Nickel

Policy Based VPN Route Redistribution

Jump to solution

Hi all,

 

Is it possible to redistribution routes into OSPF or BGP when using policy based VPNs or is my only option to use route based VPNs? Since there is no static route or next hop when using with policy based VPNs, I'm guessing that routed based is the only way to go, however, my experience with Checkpoint is limited so I wanted additional insight

If route based VPNs is the way to go, all of our VPNs are current policy based. Is there any issues with using policy based VPNs with route based VPNs on the same appliance? 

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Nickel

On your local Check Point add a route for the remote encryption domain with next hop your ISP router

The firewall will never route it to the ISP since the vpn daemon picks it up first and forwards it to the domain based VPN

View solution in original post

2 Replies
Highlighted
Admin
Admin
Generally mixing Domain and Route-based VPNS on the same gateway is a bad idea.
Highlighted
Nickel

On your local Check Point add a route for the remote encryption domain with next hop your ISP router

The firewall will never route it to the ISP since the vpn daemon picks it up first and forwards it to the domain based VPN

View solution in original post