This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PankajTiwari1
Explorer
‎2022-11-14 02:00 AM

IPSEC failvoer not workign with MPLS link

Hello to all.

This is my first post here. I hope you can help me to address the investigation rightly.

 

SCENARIO

Main Site - Check Point R80.40

VPN Domain - 192.168.10.0/24

 

Remote site - Checkpoint R81.10

VPN Domain - 192.168,60.0/24

 

i am facing the issue with MPLS failover with IPSEC VPN.i have two link fist one is ILL( Internet Lease Line) and secondary is a MPLS link. i have to crate the redundancy with with my MPLS network whenever i crate the tunnel my all interface traffice will go through only IPSEC however it MPLS traffic or it is IPSEC traffic. please find the attached Network Diagram and suggest.

 

Untitled.png

0 Kudos
4 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-11-14 06:48 AM

If you want control by routing metrics, VTI could be an option for you rather than domain based VPNs.

Refer also sk56384.

CCSM R77/R80/ELITE
0 Kudos
PankajTiwari1
Explorer
‎2022-11-14 06:52 AM
In response to Chris_Atkinson

I try this SK but no luck.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-11-14 06:56 AM
In response to PankajTiwari1

As above please look into VTI route based VPNs.

It's covered in detail in the VPN Admin Guide.

CCSM R77/R80/ELITE
0 Kudos
PankajTiwari1
Explorer
‎2022-11-14 07:07 AM
In response to Chris_Atkinson

Hello Chris,

 

thanks for your reply but it is a route based VPN i try with disabling VTI interface but after disabling VTI interface all traffic will forward through MPLS interface but the issue is i am facing high lattancy because it will crated a tunnel over the MPLS link according to SK it is a plan taxt link.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events