Smorales
Participant

VPN Site to Site with Third Party Gateway and using DynDNS

Hello, everyone.

 

Due to a requirement, I have been investigating how to generate a Site-to-Site VPN to a third-party gateway, but unlike other VPNs, the peer for this new VPN does not have a static public IP address. It uses DynDNS, which means it uses a domain for a public IP address that changes constantly.


Honestly, I don't see how this could work, since regardless of the type of VPN I use, whether it's domain/route-based or if I use Pre-Shared Keys or Certificates, they need a fixed public IP from the peer to establish IKE.


I was thinking of using the “Resolve from name” option in the interoperable object, but after doing some more research, I read that when it resolves and the domain changes IP, you need to manually change the object so that it resolves with the new IP, and this is not very efficient.

 

My question is: have you had any similar activity? Do you know of any documentation that relates to something like this?

 

Best regards!

2 Replies
CaseyB
Advisor

I have plenty of these working with Check Point devices, but I would imagine it would be similar for a third-party gateway if it was to work.

  • DAIP Gateway
  • Certificate authentication

The DAIP gateway will always be the one initiating the IPsec tunnel since the DAIP gateway is dynamic.

sk36968 

sk167473 

emmap
MVP Gold CHKP

When you create your Interop Device, tick the Dynamic Address box next to the Resolve from Name button. Then in IPSec VPN / Link Selection, select the Use DNS resolving radio button and put the FQDN in the Full hostname box. You will need to use cert-based auth for this to work.
