Checkpoint VPN - Redundant links via 2 ISPs

[ChrisMWCI]

The Scenario: Checkpoint 4.1 Stonbeat Fullcluster in UK with an IKE VPN link to single CP 4.1 firewall in India.

The Problem: ISP link in India is not reliable and would like to increase resiliance by adding another link.

The question: If we add a second Firewall with a different Public IP address can we create a second VPN tunnel to the same encryption domain to add resilience. And what would be the best way to handle two paths of the newtork in India.

Any suggestions answers would be appreciated.

Regards

Chris Morrall

WCI Group

 

[BryGuy]

We added a second WIC in our cisco 2600 router (from our isp). One wic for each ISP. Then set 2 "default routes" in your router, and don't mess with the fw.

You could also use Radware devices (linkproofs) to do the same thing.

I don't think you could build 2 VPNs with the same network on both ends, your SA would continuously be deleted / recreated from one to the other.