This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RLopez
Participant
‎2023-11-02 10:57 AM
Jump to solution

VPN Site to Site with differents ISP

Hello,

 

I ask here because the documentation is very confusing about thesetopics, maybe you can help me to pick the right option.

A customer has a cluster with a s2s vpn tunnel, it is configured like a domain vpn, using a public ip conected to a ISP1.

Now he needs to add 2 new tunnels, but using 2 new ISP, each one providing his own public ip to be configured in the gateway.

Which type of vpn scenario would be the right one? (still in this community with link selection, new route based vpns, vti.....)

The 3 remote third party gateways are not Check Point devices.

 

Thanks in advance!

 

 

 

 

 

 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-11-02 12:10 PM
Jump to solution

The only way this can work right now is for each VPN link to route out a different physical interface with the relevant IP address assigned.
This requires Link Selection to be set up accordingly.
Otherwise, it is not possible to use a different IP for a different VPN peer.
Also, if you're mixing route and domain-based VPNs on the same gateway, see: https://support.checkpoint.com/results/sk/sk109340 

Hopefully, with the changes planned for R82, this sort of scenario should be easier to support,. 

View solution in original post

8 Replies
PhoneBoy
Admin
Admin
‎2023-11-02 12:10 PM
Jump to solution

The only way this can work right now is for each VPN link to route out a different physical interface with the relevant IP address assigned.
This requires Link Selection to be set up accordingly.
Otherwise, it is not possible to use a different IP for a different VPN peer.
Also, if you're mixing route and domain-based VPNs on the same gateway, see: https://support.checkpoint.com/results/sk/sk109340 

Hopefully, with the changes planned for R82, this sort of scenario should be easier to support,. 

RLopez
Participant
‎2023-11-02 02:12 PM
In response to PhoneBoy
Jump to solution

So if I understand it, the way to do this keeping the vpn1 with isp1 as domain vpn is to configure the other 2 as routed vpn, using link selection for this gateway as calculate ip based on network topology and 2 static routes for the two remote networks, each one reachable behing vpn tunnel 2 and vpn tunnel 3, right?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-11-02 02:58 PM
In response to RLopez
Jump to solution

That sounds about right, yes.

0 Kudos
the_rock
Legend
Legend
‎2023-11-02 04:54 PM
In response to RLopez
Jump to solution

Its right in theory, but in reality, different story... : - (

RLopez
Participant
‎2023-11-02 11:54 PM
In response to the_rock
Jump to solution

Lol... What do you mean? Did you have problems with this configuration?

0 Kudos
the_rock
Legend
Legend
‎2023-11-03 02:00 AM
In response to RLopez
Jump to solution

I dont have problems with it, but its not so easy to make it work, at least from my experience.

MarcosGarcia
Participant
‎2023-11-05 11:50 PM
In response to the_rock
Jump to solution

Ok, understood. Thanks.

0 Kudos
CheckPointerXL
Advisor
‎2023-11-17 01:37 PM
Jump to solution

Look my answer and my contributes here https://community.checkpoint.com/t5/Management/Link-selection-into-a-VPN-Community-Settings-R81-20/m...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events