This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nlegastelois
Explorer
‎2022-11-02 08:44 AM

VPN S2S with third party devices through 2 interfaces

Hello,

We are using a cluster XL with two gateways (active/passive)  that are running on version R81.

We have from this cluster three S2S VPN with third-party devices created using domain VPN. For now we have only one route through a L3 device that is connected to two lines and acting as a BGP partner with the two providers. In this scenarion if one circuit is down the checkpoint are still using the same public IP range and the VPN tunnel remain up.

We have to migrate to another solution with two ISP connected on two different interfaces of the Checkpoint with one dedicated public IP range per ISP.

I am searching for hours on the differents topics about the way to failover the VPN from one ISP to another but I am completly lost.

As I could read the link selection will not work with non checkpoint peers.

I was thinking to create static route toward peer IP by using ISP1 with higher priority and add an ip reachability detection to the peer IP then if it fail the secondary route will be used for the VPN. Is it possible to do in this way ?

Thnk you for your help.

Nicolas

Labels
0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2022-11-04 09:53 AM

Link Selection is not dependent on the remote gateway being a Check Point device.
What you're looking for is here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
nlegastelois
Explorer
‎2022-11-07 06:55 AM
In response to PhoneBoy

Hello,

I just had a look into this link but it's written : 

  • How about interoperability with non Check Point VPN devices?
    Interoperability with non Check Point VPN gateways is not supported.
    RDP (probing) protocol is Check Point proprietary.
    Interoperable VPN devices generate VPN tunnels per interface, whereas in this solution the tunnel is generated between VPN peers regardless of the number of outgoing VPN interfaces and links deployed between the VPN gateways.

So it seems not supported with a non checkpoint device ?

Thanks

0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-07 07:57 AM
In response to nlegastelois

Link Selection should work regardless of the remote VPN endpoint.
Dead Peer Detection should be the default in R81, see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-07 08:17 AM
In response to nlegastelois

Another possible option: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events