Teddy_Brewski
Contributor

Different PSKs for external VPN gateway

Hello,

Two gateways, FW-GW-A and FW-GW-B, with two separate default routes and public IPs, running Check Point R80.40 and managed by one SmartCenter.

There is an IPsec tunnel with the external client (FW-EXT-CLIENT-A) on one of the gateways (FW-GW-A). We need to set up an additional tunnel with the same FW-EXT-CLIENT-A, on another gateway (FW-GW-B), but with a different PSK.

Can I just create another VPN community and set the desired PSK, or will it overwrite the PSK for the first tunnel too? In other words, is the PSK bound to the VPN community object or the firewall object?

Thank you.

0 Kudos
3 Replies
RS_Daniel
Advisor

Hello,

You can create a new VPN domain and put a different PSK. Some trouble can appear regarding encryption domains or the peer IP address. Will the remote and local VPN domains be the same for both VPNs? Will the public IP of the remote gateway be the same?

Regards

0 Kudos
Teddy_Brewski
Contributor

@RS_Daniel thank you.

The peer IP of FW-EXT-CLIENT-A is the same; the public IPs of FW-GW-A and FW-GW-B are different.

Local VPN domains are different too; however, the remote VPN domain is the same.

0 Kudos
RS_Daniel
Advisor

Hello,

Local VPN domains are different --> I think that solves any overlapping network issues. It should work using a new VPN community; I have the same scenario with one customer and didn't have any problems.

Regards

0 Kudos