Site to Site security.
DevilWAH
OK, just wondering how different people do things.
Let's say I have an HQ site and a branch office.
At the branch office I have a single router.
At the HQ I have an external router, and a (Checkpoint) firewall sitting inside that.
I want a secure connection to tunnel all traffic from the branch site to the HQ, and I want all traffic that is destined for internal HQ networks, and from the branch to the outside, to pass through the firewall.
So as I see it there are a few ways to do this.
Set up a standard IPSEC VPN between the HQ and branch router,
or set up a GRE tunnel between the two with IPSEC protection,
(and then use ACLs and route maps to ensure traffic from the internet and branch site passes through the firewall)
Or I could set up the firewall to be the end point for the VPN.
And then of course you could go on to create virtual firewalls or routers to improve the logical layout. I am just wondering the "best" way, or most standard if you like.
Comments
SteveO86
I'm a big fan of DMVPN, or a GRE with tunnel protection. IPSec crypto-maps are on the bottom of my list.
Routing updates make all the difference.
networker050184
If it's just a site with a single VPN path to the HQ I'd just go IPSEC VPN. No need to overcomplicate it or use routing protocols if there isn't a need IMO. It's not like there is anywhere else to fail over to in the event of a failure.
DevilWAH
My main issue is the FW sits on the inside of the router, so even with an IPSEC VPN between the two routers I would still need to force traffic from the branch to the Internet to go through the FW using route policies.
I am sure I am missing something really simple, but getting Checkpoint FWs to form a stable VPN to a Cisco router is not as easy as I would expect. I wish you could set up encrypted tunnels like GRE between Checkpoint and branch sites. Or maybe you can but I don't see how.
DevilWAH
Possible, in the long term definitely.
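
One way to lay out the GRE-with-IPsec option discussed in this thread, with policy routing on the HQ router steering decapsulated branch traffic to the firewall. This is an added example, not a configuration posted by anyone in the thread; the interface names, addresses (documentation and private ranges), profile and route-map names and the firewall next hop 10.0.0.2 are assumptions, and the pre-shared key is a placeholder.

```cisco
! ===== HQ external router (constructed example) =====
! Assumed: Gi0/0 = Internet side (203.0.113.1), firewall outside leg = 10.0.0.2,
! branch router public address = 198.51.100.2.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE_SHARED_KEY> address 198.51.100.2
!
! Transport mode: GRE already supplies the outer IP header.
crypto ipsec transform-set TS-BRANCH esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile PROF-BRANCH
 set transform-set TS-BRANCH
!
interface Tunnel0
 description GRE to branch, protected by IPsec
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel protection ipsec profile PROF-BRANCH
 ! Everything arriving from the branch is handed to the firewall,
 ! whether it is bound for internal HQ networks or for the Internet.
 ip policy route-map BRANCH-VIA-FW
!
! No match clause: the entry applies to all packets entering Tunnel0.
route-map BRANCH-VIA-FW permit 10
 set ip next-hop 10.0.0.2
!
! ===== Branch router (constructed example) =====
! ISAKMP policy, transform set and profile mirror the HQ side,
! with the key bound to the HQ peer address 203.0.113.1.
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
 tunnel protection ipsec profile PROF-BRANCH
!
! Host route keeps the tunnel endpoint reachable via the ISP (198.51.100.1 assumed);
! all other traffic follows the default route into the tunnel.
ip route 203.0.113.1 255.255.255.255 198.51.100.1
ip route 0.0.0.0 0.0.0.0 Tunnel0
```

Return traffic toward the branch has to reach the firewall first as well, so the firewall needs a route for the branch networks pointing back at the HQ router.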