This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
hdas
Participant
‎2021-06-18 04:19 AM

ClusterXL - VxLAN over redundant IPSec VPN (R81.10 and future release)

Hello Mates,

does someone know if the R81.10 will support redundant IPSec VPN and VxLAN over IPSec?

As far as I know, the R80.40 and R81 do not support multiple link selection for the multiple VPN tunnels (different public subnets).

This is what I want to achieve:

VxLAN_IPSec.jpg

 

Thanks,

6 Replies
Benedikt_Weissl
Advisor
‎2021-06-18 07:10 AM

You could try VPN Link Selection in Load Sharing mode. According to the FAQ here (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...) it will only create one VPN Tunnel and balance the packets between the different links.

0 Kudos
hdas
Participant
‎2021-06-21 02:36 AM
In response to Benedikt_Weissl

My goal was to find a way to use both internet connections at the same time.

0 Kudos
Benedikt_Weissl
Advisor
‎2021-06-21 04:04 AM
In response to hdas

You can use ISP Redundancy for LAN to WAN Traffic und VPN Load Sharing (https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_SitetoSiteVPN_AdminGuide/htm...) for Site2Site VPN Traffic

0 Kudos
PhoneBoy
Admin
Admin
‎2021-06-18 01:08 PM

Pretty sure this is not among the features supported, see: https://community.checkpoint.com/t5/Product-Announcements/R81-10-EA-Program-Production/ba-p/110053

Mostly likely this exact configuration is an RFE and I encourage you to bring it through your local Check Point office.

hdas
Participant
‎2021-06-21 02:46 AM
In response to PhoneBoy

Hi PhoneBoy,

I don't know if the local office will be able to support me on this. We need to look elsewhere, disaggregation maybe? Just think how useful would be to have the control plane (VRF, virtual router..etc) in ClusterXL? 😍

0 Kudos
genisis__
Mentor Mentor
Mentor
‎2021-06-20 03:12 AM

not sure about this, but could you not just run x2 GRE tunnels through the Checkpoints? 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top