This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
guesstimation
Contributor
‎2023-03-05 09:05 AM

Asymmetric Routing

Hi,

We have this route-based VPN with partner. It is static routing with VPN site A as preferred.

Problem that sometimes partner, which is normally on-site A, becomes Active on B site, while our route is still points to A. We see traffic all looks good, just the thing that we send traffic to site A and get it back through site B. Looking at the logs i don't see drops, but users say they have no connection.  Spoofing is not an issue, so not sure what exactly kills the connection.  I assume Asymmetric routing is to blame one way or another.

>Is there any way to live with Asymmetric routing situation in Route Based VPN? 

(At the moment i have only static routing at my disposal, as have some corporate limitations on running dynamic routing on the firewalls.)

Thank you.

 

 

0 Kudos
9 Replies
Vladimir
Champion
Champion
‎2023-03-05 10:05 AM

Not sure if this would work, but in static routes, there is a way to configure IP Monitoring with "Force Interface Symmetry". You can play with that option.

guesstimation
Contributor
‎2023-03-06 08:14 AM
In response to Vladimir

Thanks, this does look like a potential way to resolve this.

0 Kudos
the_rock
Legend
Legend
‎2023-03-06 08:30 AM
In response to Vladimir

Learned something new. Never seen that option before @Vladimir . Thanks for pointing that out 🙌

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2023-03-06 09:57 AM
In response to Vladimir

What strange sorcery is this Vladimir? 😀  Never heard of "Force Interface Symmetry" for route IP Monitoring either.  Guess these are things you find out when you write a book or something.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
the_rock
Legend
Legend
‎2023-03-06 10:17 AM
In response to Timothy_Hall

@Timothy_Hall haha, yea, things you find out when you write a book, not that I would know 😂😂. By the way, both your and @Vladimir 's book...FANTASTIC 👌👍

0 Kudos
Vladimir
Champion
Champion
‎2023-03-06 11:56 AM

To paraphrase Forrest Gump: Check Point is like a box of chocolates...

0 Kudos
the_rock
Legend
Legend
‎2023-03-06 12:52 PM
In response to Vladimir

There is an idea for CPX slogan ; - )

0 Kudos
Vladimir
Champion
Champion
‎2023-03-06 03:14 PM
In response to the_rock

Yeah, I can see it going well with CP marketing:)

 

0 Kudos
the_rock
Legend
Legend
‎2023-03-06 03:17 PM
In response to Vladimir

I know lol. But, in all honesty, me personally, I could care less what company motto/slogan is, as long as the product works and support is good. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events