
Replacing a Cisco 2811 router duty with a Check Point standalone HA

Question asked by Cesar Caballero on Jul 19, 2018
Latest reply on Jul 19, 2018 by Dameon Welch-Abernathy

Hello to everyone,

I'm currently facing a scenario where we have two Check Point 4200s working in standalone HA and taking care of my internet connection and a simple VPN. Next to it, there is a Cisco 2811 router whose only duty is to keep an IPsec VPN established with another Cisco that we don't manage. I've been asked to migrate that IPsec VPN from the Cisco to the Check Point, and I don't know how to do that. Can anybody help me?

Network Topology

The IPsec VPN conditions are:

- The IPsec VPN must be established between the Check Point standalone in HA with a cluster IP 10.15.128.130/30 and a 3rd party appliance (Cisco) that we don't manage with an IP 10.15.128.2/30. So the Cluster IP address is going to be in a different subnet than its members.

- Traffic within the IPsec VPN must be routed by NATing all IPs with a loopback with an IP 10.2.92.2 and another loopback with an IP 10.1.92.2.

- I've uploaded a modified config of the Cisco 2811 to protect privacy. It is attached to this post.

 

Any help would be greatly appreciated.

Regards,
