CheckCheckM
Participant

Quantum spark ipsec tunnel using vti interface

Hello all

Let me request a Quantum Spark IPsec configuration guide using VTI, if anyone has one. Thanks.

Software version R81.10

0 Kudos
8 Replies
HeikoAnkenbrand
MVP Diamond

See Site to Site VPN R81 Administration Guide:

Route Based VPN

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
G_W_Albrecht
MVP Silver

This is Quantum Spark...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
MVP Silver

For locally managed Quantum Spark:

https://sc1.checkpoint.com/documents/SMB_R81.10.00/AdminGuides/Locally_Managed/EN/Topics/Configuring...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Emilio_Espinosa
Contributor

Link doesn't work anymore.

Besides, the administration guide doesn't give instructions on how to set up a VPN using VTI, only the VTI itself.

0 Kudos
Emilio_Espinosa
Contributor

Sweet!!

 

Thanks, Chris. It seems it's all there.

0 Kudos
Emilio_Espinosa
Contributor

Were you able to set up a VPN using VTIs? 

Anyone?

The administration guide gives instructions to set up the VTI, not the VPN itself. According to the Quantum admin guide, an empty group is required to be added as domain encryption in the VPN settings, but Sparks won't allow it. Besides, the following note is indicated:
"In R81.10.00, static routes are not supported with a VPN Tunnel (VTI) as the Next Hop."
So, what's the point of having VTI?

In my case, I want to set up a routing VPN in a locally managed SMB (1535, R81.10.17).

Sorry to revive an old thread, but I can't find proper instructions.

0 Kudos
Tom_Hinoue
Advisor

Using VTIs (numbered or unnumbered) is supported even with locally managed Spark.
I was able to configure it in multiple scenarios, such as with AWS/GCP/Spark as the peer, and it is working.

Both static routes with a VTI as the next hop and dynamic protocols like BGP work.
I remember there were some limitations back in R81.10.00 using VTIs (first release of embedded R81) but it should definitely work if you're running R81.10.17 and up.

Just make sure your VTI interface peer settings match the name of the VPN site you created where you want to bind the VTI to.

0 Kudos
