S2S VPN between Check Point gateways with 2 ISP li...

Nandhakumar_N · ‎2024-08-11

We want to setup a Site-to-Site VPN between two Check Point security gateways, where both are managed by the same management server and configured in a cluster and remote site have 2 Internet link.

AkosBakos · ‎2024-08-12

Hi @Nandhakumar_N

You mentioned that, you have 2 ISP-s at the moment. How the redundancy configured between the two ISP-s? What settings do you use?

Akos

----------------
\m/_(>_<)_\m/

Nandhakumar_N · ‎2024-08-12

Hi @AkosBakos

ISP configured in primary/backup. Center gateway having single Internet link and remote branch office gateway have dual Internet link. We want if remote site primary link went down then tunnel should get auto shift to backup link. So, do we need to configure policy base vpn or route base vpn?

AkosBakos · ‎2024-08-12

Hi @Nandhakumar_N

On the center side, nothing special, tha GW has one external IP. Branch office can be tricky. The two ISP provide the same IP, or they have different IP? In S2S VPN config, the Peer GW has one IP only -> this could be an issue.

From my point of view, to avoid of a lot of inconvience, try to use an active device which is responsible for to handle the two ISP link. But this won't solve the different IP problem.

Akos

----------------
\m/_(>_<)_\m/

Are you a member of CheckMates?

S2S VPN between Check Point gateways with 2 ISP links in Remote side