How can I do a VPN optic link with internet IPSec VPN?
May I use MEP? Which IP address becomes the main IP of the Check Point cluster?
MEP implies you have two VPN gateways responsible for the exact same locations.
That doesn't appear to be the case here, so MEP is not appropriate.
What you're probably after is Link Selection.
Refer to the VPN Site to Site docs: Site to Site VPN R80.10 - Part of Check Point Infinity
Thank you for your response.
I tried Link Selection.
But it cannot establish VPN connections concurrently.
Do I need to create a VTI interface on the Check Point?
You can configure it in an HA mode (only one VPN link is active) or in a Load Sharing mode (both VPN links are active).
Various scenarios and how to configure them are described in the documentation I linked above.
Link Selection Probing relies on a Check Point proprietary protocol.
As your peers in the branch locations are Cisco ASA, this will not work, as far as I know!
Right, and the documentation discusses how to deal with this.
Thank you Norbert Bohusch.
You're right. I tested many times. It can connect only to Check Point gateways.
Do you have any solution for my case? Please give me advice.
I am still looking for a convenient solution.
My recommendation is that you update to R80.10 and use Route Based VPN (numbered) only with Branch-1 while maintaining Domain Based with the other two locations (only one link to them). It would also be convenient to change the ClusterXL mode to HA instead of LS because of the implications on tunnel establishment with remote peers according to ATRG: VPN Core and VPN Site-to-Site with 3rd party.
You will have to update your ASA device on Branch-1 to at least version 9.7.1 to support Route Based VPN deployments: Release Notes for the Cisco ASA Series, 9.7(x) - Cisco
Thank you for your advice Kenny Manrique,
Branch1's ASA is version 8.4(7)1. I am not sure about upgrading Cisco IOS, and I think it is the best solution. I will inquire more about Route Based VPN.