| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
VPNs with multiple interfaces

Our enforcement point has two interfaces connected to the Internet. How can I encrypt traffic over both?

Answer
--------------------------------------------------------------------------------

The cold hard truth is: you can't. There is not a way to use a different IP address for the VPN, even if it's routed out another interface. Here's why:

FireWall-1 encodes IPSec, SKIP, and IKE packets using the firewall's primary interface address, usually determined by the IP address defined in the General tab of the firewall's workstation object. Sometimes the primary interface is the one which has the licensed IP configured on it. If you are using a Gateway Cluster and have things configured correctly (see SettingUpHighlyAvailableVPNs) then the Gateway Cluster IP address is used.

As a side note: The only other way to obtain the desired networking results is to set up BGP on your Internet router and have both WAN connections terminating to it. This allows you to connect the Internet router to only one interface on which it encrypts.

-- RobertGraham - 08 Jan 2004