This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
YuvrajMe147
Explorer
‎2021-11-02 10:50 AM

VPN tunnel redundancy on CP and also on ASA-peer. Any way to achieve dual VPN on both sides?

CP Checkmates,!


The setup we have in place for SITE to SITE VPN:

Star community has 2 CP Clusters defined and 1 ASA object under satellite. MEP has enabled hence the failover works fine should one of the CPs become unresponsive.

SMS/Gateways are at R80.30.

Requirement:

We need to add redundancy on the peer side as well. (Basically, one more peer needs to be added along with ASA-Main, which would be ASA-DR.)

Problem:

When we add ASA-DR, along with ASA-Main, both tunnels come up and cause an outage.
For now, we have removed the ASA-DR to keep the setup in a working state.


I am looking for any possible solutions, please. 

Thanks,
YM

Labels
0 Kudos
2 Replies
YuvrajMe147
Explorer
‎2021-11-04 09:25 AM

Is there anyone who could shed a light on this topic?

0 Kudos
mcatanzaro
Employee
Employee
‎2021-11-04 09:11 PM
In response to YuvrajMe147

I’m not 100% on if this would work but am chiming in since there aren’t any responses yet. 

In my head it seems like a route based VPN could work for this setup. 

I would imagine you could set priorities on the routes for relevant traffic to prefer the primary peer.

0 Kudos