This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bac26
Contributor
‎2022-10-22 08:39 AM

VPN Multiple interface interoperability device

Hi

I would like set up vpn  via an interface (not external we use for others vpn) to vpn community where i have an interoperability device.

How do i send the traffic go out on that interface (all the parameter are for locally managed)? the peer is direct attached on that interface so he know the route to the peer but traffic seems not going to that path. Even other peer on that interface we would like setup  vpns and gateway has the route to the peer.

 

Thank you

0 Kudos
13 Replies
the_rock
Legend
Legend
‎2022-10-22 02:54 PM

If you attach simple diagram, it would help us guide you.

0 Kudos
PhoneBoy
Admin
Admin
‎2022-10-22 03:42 PM

If you want to terminate VPNs on different interfaces, you need to adjust the Link Selection settings on the gateway object to determine the IP based on the routing table.

0 Kudos
Bac26
Contributor
‎2022-10-22 08:52 PM
In response to PhoneBoy

Yes but then vpn on external interface won't work anymore

0 Kudos
PhoneBoy
Admin
Admin
‎2022-10-23 05:41 AM
In response to Bac26

It should if you’ve configured it correctly (both Link Selection and the routing)
In any case, a network diagram would be exceptionally helpful.

0 Kudos
Bac26
Contributor
‎2022-10-23 05:58 AM
In response to PhoneBoy

You mean if set link selection on interface towards internal net when terminate my vpn for intranet the vpn using external interface main address facing internet still still work? I have already VPN facing internet interface .5 and would like to set up vpns to my interoperability device via interface 192.168.1.1. static route to 192.168.2.1 is set.

Preview file
31 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2022-10-23 09:38 AM
In response to Bac26

You set the link selection to be based on routing (instead of a fixed value or interface).
See: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SitetoSiteVPN_AdminGuide/Top...

0 Kudos
Bac26
Contributor
‎2022-10-23 10:28 AM
In response to PhoneBoy

sorry what do you mean exactly? can you share a screenshot?

0 Kudos
the_rock
Legend
Legend
‎2022-10-23 01:20 PM
In response to Bac26

From the doc @PhoneBoy gave you. By the way, if you look in demo dashboard, you can see same settings.

Andy

the_rock_0-1666556407610.gif

 

You configure the settings in SmartConsole

0 Kudos
Bac26
Contributor
‎2022-10-23 07:54 PM
In response to the_rock

Yes is what I did and choose:

  • Calculate IP based on network topology

But this parameters is not for locally managed?

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-10-24 11:03 AM
In response to Bac26

Assuming you mean a locally managed SMB appliance, there is a similar setting there:

image.png

 

0 Kudos
Bac26
Contributor
‎2022-10-24 08:23 PM
In response to PhoneBoy

I mean the parameters you told me to set is related to: Remote peers can connect to the local Security. But I need traffic from central gateway to intranet peers go through that interface

0 Kudos
Gomboragchaa
Advisor
‎2022-10-24 11:50 PM

I assuming that you cannot use 2 interface for 2 vpn with interoperability device. I had a same issue a long time ago and CP cannot use 2 vpn interfaces with 3rd party gateways. I am not sure the latest gaia can fully support DPD.

If the remote peers are CheckPoint you can accomplish to use multiple interface for vpn that "Calculate IP based on network topology" options. 

I would suggest you contact with TAC and get some enquiry. 

0 Kudos
Bac26
Contributor
‎2022-10-25 12:56 AM
In response to Gomboragchaa

so if set link selection that interface to intranet, internet vpn wont work right?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events