Michael_Horne
Advisor

Site to site VPN - Not using ID_IPV4_ADDR as IKE ID

Hello All,

Is it possible on a Checkpoint Security Gateway to use something else besides an IP address as the IKE ID?

We are partnering with a 3rd party that uses a Sonic Firewall. For their configuration options, it is possible to select the IKE ID for Phase 1 as an IP address, but also a domain or an email address format.

Under the Link Selection options, all we have is various options that can be used to determine what IP Address to select as the IKE ID.

There are reasons to do with failover between two Site to Site VPN tunnels that cause us to now want to use the local public IP address. Each IPsec connection from our sites to the partner should use the same IKE ID, for the failover to be automatic on their end.

Regards,

Michael

PhoneBoy
Admin
Michael_Horne
Advisor

Thank you very much for the information. I forgot this SK exists! 

Since we are setting environment variables, this would affect all VPN tunnels on the security gateway, correct?

Many thanks,

Michael

MartinTzvetanov
Advisor

When I was at a Checkpoint training, the instructor said it's possible to use FQDN- and IP-based S2S VPN and that you have to ask support how to do it. This was 5 years ago and I don't remember if there is an SK on how to do it on your own, so open a case and ask support.

PhoneBoy
Admin

Believe so, yes. 
