Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Juan_Concepcion
Advisor

BGP over VPN between Azure.docx

Documentation which explains how to deploy a site to site VPN between an Azure VPN Gateway and Check Point R80.10 Gateway with BGP routing exchange via route based vpn.

16 Replies
Raphael_Cote
Contributor

I've read that VTI is not supported in VSX mode.  Can I follow this procedure in VSX mode?

Peter_Sandkuijl
Employee
Employee

Sorry, vti and VSX still don't work together

Timothy_Hall
Champion
Champion

Confirmed, and I suspect the reason for this limitation is that VTI's are implemented by a completely separate kernel module called vpntmod.  VSX runs pretty much completely in process space.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Reply
Jose_W__Castill
Explorer

Hi, I have a R80.10 Management and a cluster gateway R77.30. Can I follow this procedure? any aditional advice?

Juan_Concepcion
Advisor

Yes

Sent from my iPhone

PAUL_SAMWAYS1
Participant

Hi All, I've been trying to setup VPN to Azure with BGP (I've had no problems setting up standard VPN to Azure but require BGP for dynamic routing and thus bigger VPN to Azure, as we don't want to by an Express Route). I don't understand what this is trying to say in the document;

RZomerman
Explorer

Sorry to come back to this one.. 

On the "Interoperable Device" shouldnt the topology be the "External IP of the Azure GW" & the Azure VNET Address Space?

 

Why would i need to set my own CP External IP + Internal Subnet (on CP side) on the Interoperable Device referencing Azure?

0 Kudos
Reply
Juan_Concepcion
Advisor

For the Azure gateway object you have to manually set the topology (on normal gateway you just fetch) and the encryption domain.

Let me know if this isn’t clear.

Sent from my iPhone

Ping_Choi
Participant

Hi Juan,

Would you happen to know if these steps also apply to Checkpoint R80.30 ?

 

 

Juan_Concepcion
Advisor

No, in R80.30 I was able to do this without setting topology.

0 Kudos
Reply
MCS_LTD
Explorer

 Is there an updated guide for this? I find the steps required for the Checkpoint to be incredibly hard to follow

Juan_Concepcion
Advisor

Can you please be more specific on which portion your having problems understanding??

0 Kudos
Reply
Reyman2021
Participant

Hi Juan,

The external IP you put here in the topology is different from the real IP of peer gateway? The VPN Peer gateway is 52.225.225.207 and the external IP in the topology is 52.184.160.26. On the other hard I would also 

 

 CAPTURE1.PNG

Juan_Concepcion
Advisor

This should match whatever ip address is on the azure vpn gateway.  Oversite in transcription as I rebuilt this several times during documentation build and with each rebuild the ip was different.

0 Kudos
Reply
Reyman2021
Participant

Okay. By the way where do I get the router-id? 

 

0 Kudos
Reply
Reyman2021
Participant

Hi Juan,

The external IP you put here in the topology is different from the real IP of peer gateway? The VPN Peer gateway is 52.225.225.207 and the external IP in the topology is 52.184.160.26. On the other hard I would also ask where did you get the Router-ID 173.76.170.56? Thank you

CAPTURE1.PNG

0 Kudos
Reply