So to give a more detailed answer then would have to see a high level topology for how this fits together. Would also depend upon how the Branch Office Network route is put into the Central Office and if Traffic normally goes through the Check Point anyway. To expand on what was said then so much what you do will depend upon the topology and where the Point to Point Link actually terminates. Last resort would be running dynamic routing on both Check Points and the routers and use a route based VPN between the Check Points. or a IPSEC tunnel directly between both routers by using a NAT IP for both routers (requires SEC license on the routers).either a GRE tunnel on the router which is routed over a IPSEC tunnel between the Check Points.In our experience this type of setup is best solved by adding: VPN interfaces are configured in GAIA and depending on the number of sites you need an exponential growing number of interfaces, if you want a full mesh.VPN interfaces are supporting dynamic routing, they are not supported in VSX.A domain based VPN does not support dynamic routing.Encrypt or not? How does the gateway know when to encrypt or decrypt the traffic?.Routing, how will the traffic know which path to take?. ![]() There are a number of issues here that make this a difficult to answer item: This is one of those "I want something that is not simple" questions that customers have.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |