MarcuzShinz
Contributor

Config VPN S2S with 2 Public IPs to 2 different sites

Hi guys!

Currently, I am having a problem with configuring S2S VPN on Check Point. Specifically, we have 2 VPN lines to 2 different sites.

Now the FTTH lines are plugged into Peplink and we have a connection between Peplink and Check Point.

Currently we have preconfigured an S2S to 1 site. In the Link Selection we choose Statically NATed IP and this tunnel is running very stable.

To be able to further configure the 2nd tunnel, how should we choose Link Selection?

Has anyone come across this situation?

 


0 Kudos
3 Replies
PhoneBoy
Admin

It's not clear what you're trying to do here.
Can you elaborate more about the current and desired state?
More specifically:

  • Version/JHF of the Check Point device
  • What device is the Check Point terminating a VPN to?
  • What kind of VPN is being set up here? Route based? Domain based? If domain based, what is the remote encryption domain?
  • Is your goal to establish two VPN tunnels to the same device or are you trying to establish a VPN to a different device?

The more details you can provide, the better.

0 Kudos
MarcuzShinz
Contributor

Hi @PhoneBoy, thanks for your response,

1. I have 2 Check Point Gateway devices, version R81.10/HF take 94.

2. The remote peer is a 3rd party device but I don't know which provider it is.

3. The VPN set up here is the:

In the IP Selection by Remote Peer,

we choose "Statically NATed IP". We enter the public IP in this section, because our Check Point device is behind the Peplink device, and Peplink plays the role of NAT data output.

In the Outgoing Route Selection,

we choose "Operating system routing table"

4. As I described, we have 2 tunnels that need to be set up to 2 different sites. We have now configured a tunnel to one site according to the configuration shown in the attached figure.

The problem we are facing is how to configure one more tunnel, while in the "Statically NATed IP" section only one public IP is allowed.

0 Kudos
PhoneBoy
Admin

Unfortunately, you cannot configure a different Link Selection IP for a different VPN peer directly; this is currently an RFE.
The only way to use a different IP for a different VPN peer is to route the traffic out a different physical interface and configure Link Selection accordingly.

0 Kudos
