Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Lucas_Piris
Participant
Jump to solution

IPsec VPN over MPLS

Hi,

Anyone known how configure a VPN IPSEC over MPLS?

Actually i have a tunel established using my ISP between two Check Point Gateway, now i have a MPLS link and i want to encrypt this traffic.

Devices:

1 Manager for Corporate and Branch Site;

1 Corporate Gateway;

1 Branch site Gateway.

My doubt is, i have some others tunnels using my ISP on Corporate gateway, if i change the link selector to use MPLS, how the VPN´s configured today understand this?

Best Regards

Lucas

1 Solution

Accepted Solutions
Lucas_Piris
Participant

Hi all,

The final solutions was:

Uncheck "Apply settings to VPN Traffic" from the ISP Redundancy settings.

Configure the Link Selection to probe my two ISP´s and the MPLS and set the primary address to MPLS.

 

Renew the certificates from Gateway 01 and Gateway 02 adding all ip address of ipsec as SAN.

Regards

Lucas

View solution in original post

9 Replies
PhoneBoy
Admin
Admin

Is the MPLS link on the same interface or a different interface from your ISP?

Assuming different, then I think if you use "Calculate IP Based on Network Topology" it should use the IP facing that network.

0 Kudos
Lucas_Piris
Participant

Hi Dameon,

Thank you!

Yes, is a different interface.

I have ISP Redundancy configured also, with "Apply settings to VPN Traffic" because i have VPN established with anothers peers over internet and for redundancy of internet and the ipsec vpn with this peers.

Also, if i uncheck "Apply settings to VPN Traffic" and use "Calculate IP Based on Network Topology", Can i have a problem with link failover or with others tunnels?

Lucas

PhoneBoy
Admin
Admin

Depends on if the remote end of the MPLS VPN is Check Point or not.

See: IKE Main Mode negotiation fails with error "invalid id" when Check Point Security Gateway has ISP re... 

0 Kudos
Lucas_Piris
Participant

Hi Dameon,

Thank you for all your support.

Yes, is a check point.

Do you know what happens when I uncheck the option "Apply settings to VPN Traffic" from ISP redundancy settings?

I will lose the failover with others peers?

Regards

Lucas

0 Kudos
PhoneBoy
Admin
Admin

I don't think you need to disable "Apply settings to VPN Traffic" in this case (but maybe I'm wrong here).

0 Kudos
Lucas_Piris
Participant

Hi Dameon,

If i do not disable the option "Apply settings to VPN Traffic", I am not be able to change the link selection on the IPSec VPN tab. Smiley Sad

Regards

Lucas

0 Kudos
PhoneBoy
Admin
Admin

It should be ok.

It's similar to the following scenario in the documentation, which requires a couple extra steps to be done: Link Selection 

0 Kudos
Lucas_Piris
Participant

Hi Dameon,

Thank you so much.

I will try, I will be back with results.

Regards

Lucas

0 Kudos
Lucas_Piris
Participant

Hi all,

The final solutions was:

Uncheck "Apply settings to VPN Traffic" from the ISP Redundancy settings.

Configure the Link Selection to probe my two ISP´s and the MPLS and set the primary address to MPLS.

 

Renew the certificates from Gateway 01 and Gateway 02 adding all ip address of ipsec as SAN.

Regards

Lucas

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events