This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Michael_Horne
Advisor
‎2021-03-18 10:16 AM
Jump to solution

Site to site VPN - Not using ID_IPV4_ADDR as IKE ID

Hello All,

Is it possible on a Checkpoint Security Gateway to use something else besides an IP address is the IKE ID?

We are partnering with a 3rd Party that use a Sonic Firewall. For there configuration options it is select the IKE ID for Phase 1 as IP address, but also a domain or and email address format.

Under the Link Selection options, all we have is various options that can be used to determine what IP Address to select as the IKE ID.

There are reasons to do with failover between two Site to Site VPN tunnels, that cause us to now want to use the local public IP address. Each IPsec connection from our sites to the partner should use the same IKE ID, for the failover to be automatic on their end.

Regards,

Michael

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2021-03-18 01:13 PM
Jump to solution

You can use FQDN.
See option 2 here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-03-18 01:13 PM
Jump to solution

You can use FQDN.
See option 2 here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
Michael_Horne
Advisor
‎2021-03-19 03:13 AM
In response to PhoneBoy
Jump to solution

Thank you very much for the information. I forgot this SK exists! 

Since we are setting environment variables, this would affect all VPN tunnels on the security gateway, correct?

Many thanks,

Michael

0 Kudos
MartinTzvetanov
Advisor
‎2021-03-19 05:46 AM
In response to Michael_Horne
Jump to solution

When I was on a Checkpoint training the instructor said it's possible to use fqdn and ip based s2s vpn and you have to ask the support how to do it. This was 5 years ago and I don't remember if there is an sk how to do it by your own, so open a case and ask the support.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-03-19 11:39 PM
In response to Michael_Horne
Jump to solution

Believe so, yes. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events