
IPsec VPN over MPLS

Hi,

Does anyone know how to configure an IPsec VPN over MPLS?

Currently I have a tunnel established using my ISP between two Check Point Gateways; now I have an MPLS link and I want to encrypt this traffic.

Devices:

1 Manager for Corporate and Branch Site;

1 Corporate Gateway;

1 Branch site Gateway.

My question is: I have some other tunnels using my ISP on the Corporate gateway. If I change the link selector to use MPLS, how will the VPNs configured today understand this?

Best Regards

Lucas

Accepted Solutions

Re: IPsec VPN over MPLS

Hi all,

The final solution was:

Uncheck "Apply settings to VPN Traffic" from the ISP Redundancy settings.

Configure the Link Selection to probe my two ISPs and the MPLS, and set the primary address to MPLS.

Renew the certificates from Gateway 01 and Gateway 02, adding all IP addresses of IPsec as SAN.

Regards

Lucas

9 Replies
Admin

Re: IPsec VPN over MPLS

Is the MPLS link on the same interface or a different interface from your ISP?

Assuming different, then I think if you use "Calculate IP Based on Network Topology" it should use the IP facing that network.

Re: IPsec VPN over MPLS

Hi Dameon,

Thank you!

Yes, it is a different interface.

I also have ISP Redundancy configured, with "Apply settings to VPN Traffic", because I have VPNs established with other peers over the internet, and for redundancy of the internet and the IPsec VPN with these peers.

Also, if I uncheck "Apply settings to VPN Traffic" and use "Calculate IP Based on Network Topology", can I have a problem with link failover or with other tunnels?

Lucas

Admin

Re: IPsec VPN over MPLS

Depends on if the remote end of the MPLS VPN is Check Point or not.

See: IKE Main Mode negotiation fails with error "invalid id" when Check Point Security Gateway has ISP re... 

Re: IPsec VPN over MPLS

Hi Dameon,

Thank you for all your support.

Yes, it is a Check Point.

Do you know what happens when I uncheck the option "Apply settings to VPN Traffic" from ISP redundancy settings?

Will I lose the failover with other peers?

Regards

Lucas

Admin

Re: IPsec VPN over MPLS

I don't think you need to disable "Apply settings to VPN Traffic" in this case (but maybe I'm wrong here).

Re: IPsec VPN over MPLS

Hi Dameon,

If I do not disable the option "Apply settings to VPN Traffic", I am not able to change the link selection on the IPSec VPN tab.

Regards

Lucas

Admin

Re: IPsec VPN over MPLS

It should be ok.

It's similar to the following scenario in the documentation, which requires a couple extra steps to be done: Link Selection 

Re: IPsec VPN over MPLS

Hi Dameon,

Thank you so much.

I will try, and I will be back with results.

Regards

Lucas
