Multiple site VPN design P2P
++ E & B need to be directly through P2P vpn
++ D & C need to be directly through P2P vpn
Hi @gajendra229
This forum is not for suggestions on designing networks or for extending help in designing them, but we can help you with technical issues, if any. However, to give you a hint, you can use route-based tunnels.
Or, as the best way, opt for DMVPN with other devices; this would not be possible with policy-based tunnels.
Blason R
CCSA,CCSE,CCCS
Thanks, Blason, for replying.
Sorry if I said I need help to design...
I already have this design; I am just trying to understand how I can achieve this configuration.
Route-based tunnels: is there any URL where I can learn and configure accordingly on Check Point R80.40?
I have only configured VPN domain-based tunnels and have never configured a route-based tunnel.
Does this route-based tunnel require the routing team to do something differently? I mean, do I need to inform them of something to configure according to the configuration in Check Point?
++ E & B need to directly connect to each other through direct tunnel
++ D & A need to directly connect to each other through direct tunnel
How can this be achieved?
As @Blason_R said...route based tunnels.
I got that, but I didn't understand the concept of creating this many tunnels per my design. What should the approach be?
Below is a good reference, but I also pasted some notes I took for myself. I would send you the good doc I have, but it contains private customer info, so I can't do that, sorry.
Andy
https://support.checkpoint.com/results/sk/sk100726
Some notes I gathered:
Steps for route based azure vpn tunnel:
Star community
Get all the settings from config file on Azure side
Pick any IPs from the 169.254.0.0/24 subnet NOT in use with current tunnels for VTIs/remote address
Say:
169.254.0.200, 201 and 202 (master, backup and VIP) and then .203 for remote address (which is also used as DG for subnet on the other side)
Once this is configured, get interfaces without TOPOLOGY
*DO NOT PUSH POLICY YET*
Save changes in dashboard, then add peer external IP to exempt anti spoof group for external interface
Then also add route to external peer IP using actual Internet default DG
MAKE SURE PEER NAME (in VTI settings in web UI) MATCHES WITH INTEROPERABLE OBJECT in dashboard
Create appropriate rule using VPN community (bi-directional match) (internal clear to 3rd party tunnel, 3rd party to 3rd party, 3rd party to internal clear in VPN column)
Push policy and test
Thanks for sharing that. Is there any reference doc that can help to build multiple tunnels under the same management server?
I have 5 gateways; per my design I don't understand how many tunnels I have to build.
I am thinking of creating 3 route-based tunnels, because if I create domain-based ones it gives an error while pushing policy on the firewall:
The pair of objects <FW A and FW b> appear simultaneously in the Intranet Communities:
Not sure if I can achieve things with the below 3 tunnels:
ABC - mesh
A center gateway, E,D,C satellite gateway - bidirectional flow
C center gateway D,B,E satellite gateway
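
Added example (not part of any post in this thread, and not Check Point tooling): a Python script that expands the three communities proposed above into gateway pairs, lists the pairs that would have a VPN link in more than one community, and checks the direct-tunnel requirements from the thread. It assumes the quoted validation error is raised for a pair that has a link in more than one community and that star satellites link only to their center; the community names are hypothetical labels.

```python
from itertools import combinations


def links(kind, centers, satellites=()):
    """Gateway pairs that get a direct VPN link in one community."""
    if kind == "mesh":
        return {frozenset(p) for p in combinations(centers, 2)}
    if kind == "star":
        # Assumption: satellites link only to the center, not to each other.
        return {frozenset((c, s)) for c in centers for s in satellites}
    raise ValueError(f"unknown community type: {kind}")


# Constructed from the three communities proposed in the post above;
# the community names are hypothetical labels.
COMMUNITIES = {
    "mesh_ABC": links("mesh", "ABC"),
    "star_A": links("star", "A", "EDC"),
    "star_C": links("star", "C", "DBE"),
}
# Direct-tunnel requirements from the follow-up post (E-B and D-A).
REQUIRED_DIRECT = [("E", "B"), ("D", "A")]


def overlapping_pairs(communities):
    """Pairs that would have a link in more than one community."""
    seen = {}
    for name, pairs in communities.items():
        for pair in pairs:
            seen.setdefault(pair, []).append(name)
    return {tuple(sorted(p)): sorted(n) for p, n in seen.items() if len(n) > 1}


def unique_links(communities):
    """All distinct gateway pairs that end up with a direct tunnel."""
    return set().union(*communities.values())


def missing_direct(communities, required):
    """Required direct pairs that no community provides."""
    have = unique_links(communities)
    return [pair for pair in required if frozenset(pair) not in have]


if __name__ == "__main__":
    for pair, names in sorted(overlapping_pairs(COMMUNITIES).items()):
        print("conflict:", "-".join(pair), "in", ", ".join(names))
    print("distinct tunnels:", len(unique_links(COMMUNITIES)))
    print("no direct link for:", missing_direct(COMMUNITIES, REQUIRED_DIRECT))
```
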
I would contact TAC for faster resolution.