NGX route based VPN

rn4it

Has anyone used NGXR60 or better Route based VPNs? I'm currently working on it, just wondering about any comments you may have on it.
 
I have done both. NGX is one of the easiest VPN solutions I have ever installed. Route based VPNs can be a bit daunting. You need 3 sites for your tunnel, A B C, and you have to create 2 routes per site.

Example: A to B, A to C, then B and finally C. Once you have the VTI defined, it works pretty well....
 
Thanks ssgduff, we ended up not doing it. The site that we were looking into it for had a WAN connection which they wanted to be their primary connection, with their VPN as the backup. The problem is I control their FW and another group controls the FW they connect to. This brought a number of complexities and challenges to get it working.
 
Anyone have a good definition for 'route based VPNs'? I've done lots of work with Checkpoint and VPNs using traditional VPNs, but I'm a little unclear as to what these route based VPNs are all about!... help

 
From NGX_R60_VPN_Networking_Overview.pdf

>>In NGX, Check Point introduces a new method for setting up VPNs. This method is called Route Based VPN. In Route Based VPN, there is no need to define VPN Domains, instead only VPN Tunnels need to be defined. What controls the VPN routing is the native IP routing. VPN tunnels are represented using VTIs. These VTIs enable IP routing to control the VPN. VTIs are virtual interfaces defined on the VPN-1 Pro module. Each VTI is associated with a VPN peer gateway, and any traffic routed through such an interface is automatically encapsulated and sent to the associated peer gateway. Any traffic received from the associated peer gateway appears to be coming through the VTI. This configuration behaves exactly as if it were connected to the peer gateway over a point-to-point link, represented by the VPN Tunnel Interface.<<
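
A small model of the mechanism in the excerpt above, added here as an illustration and not taken from the thread or from Check Point documentation: ordinary longest-prefix and metric routing picks the interface, and only traffic routed into a VTI is encrypted to that VTI's peer. Interface names, addresses and metrics are constructed, and the WAN-primary, VPN-backup layout follows the scenario rn4it describes.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Route:
    prefix: str   # destination network
    iface: str    # outgoing interface (physical or VTI)
    metric: int   # lower wins among equal-length prefixes

# Constructed sample data: each VTI is bound to exactly one peer gateway.
VTI_PEERS = {"vt-siteB": "198.51.100.2", "vt-siteC": "203.0.113.3"}

ROUTES = [
    Route("10.2.0.0/16", "wan0", 10),      # primary: private WAN to site B
    Route("10.2.0.0/16", "vt-siteB", 50),  # backup: same prefix via the VTI
    Route("10.3.0.0/16", "vt-siteC", 10),  # site C reachable only via VPN
    Route("0.0.0.0/0", "eth0", 10),        # default route, not a VTI
]

def forward(dst, down=frozenset()):
    """Return (iface, action) for dst, skipping interfaces listed in `down`."""
    addr = ipaddress.ip_address(dst)
    usable = [r for r in ROUTES
              if r.iface not in down and addr in ipaddress.ip_network(r.prefix)]
    if not usable:
        return None, "drop"
    # Longest prefix first, then lowest metric: ordinary IP routing, no VPN domain.
    best = min(usable,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric))
    peer = VTI_PEERS.get(best.iface)
    # Only traffic routed into a VTI is encapsulated, always to that VTI's peer.
    return best.iface, (f"encrypt to {peer}" if peer else "forward in clear")

if __name__ == "__main__":
    for dst, down in [("10.2.5.9", set()), ("10.2.5.9", {"wan0"}),
                      ("10.3.1.1", set()), ("10.3.1.1", {"vt-siteC"})]:
        print(dst, sorted(down), "->", forward(dst, frozenset(down)))
```

In this model, taking `vt-siteC` down sends 10.3.1.1 out the default route unencrypted, which is the failure mode to check for when the route table alone decides what gets encrypted.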
 
Great response, so......do I need to define the peer gateway object and encryption details in the SmartConsole as I would normally do? Or is this taken care of during the creation of the VTI?

 