Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NGX route based VPN

Status
Not open for further replies.
rn4it

rn4it

MIS
Nov 7, 2002
671
CA
Has any one used NGXR60 or better Route based VPN's? I'm currently working on it, just wondering any comments you may have on it.
 
Sort by date Sort by votes
I have done both. NGX is one of the easiest VPN solutions I have ever installed. Route based VPN's can be a bit daunting. You need 3 site for your tunnel, A B C you have to create 2 routes per site,

Example A to B, A to C then B and finally C. Once you have the VTI defined, it works pretty well....
 
Upvote 0 Downvote
Thanks ssgduff, we ended up not doing it the site that we were looking into it for had a WAN connection which they wanted to be their primary connection and have their VPN be the back up. The problem is I control their FW and another group controls the FW they connect to. This brought a number of complexities and challenges to get it working.
 
Upvote 0 Downvote
Anyone have a good definition for 'route based vpn's. I've done lots of work with Checkpoint and VPN's using traditional vpn's, but I'm a little unclear as to what these route based vpns are all about !...help

 
Upvote 0 Downvote
From NGX_R60_VPN_Networking_Overview.pdf

>>In NGX, Check Point introduces a new method for setting up VPNs. This method is called
Route Based VPN. In Route Based VPN, there is no need to define VPN Domains, instead
only VPN Tunnels need to be defined. What controls the VPN routing is the native IP
routing. VPN tunnels are represented using VTIs. These VTIs enable IP routing to control
the VPN. VTIs are virtual interfaces defined on the VPN-1 Pro module. Each VTI is
associated with a VPN peer gateway, and any traffic routed through such an interface is
automatically encapsulated and sent to the associated peer gateway. Any traffic received from the associated peer gateway appears to be coming through the VTI. This configuration
behaves exactly as if it were connected to the peer gateway over a point-to-point link,
represented by the VPN Tunnel Interface.<<
 
Upvote 0 Downvote
Great response, so......do I need to define the peer gateway object and encryption details in the SmartConsole as I would normal do ? or is this taken care of during the creation of the VTI?

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
299
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
128
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
367
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
88
WhosYourDiffie
WhosYourDiffie
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
92
Russtoleum
Russtoleum

Part and Inventory Search

Sponsor

Back
Top