Forum Discussion
kenny_keng_7131
Dec 11, 2008Nimbostratus
Posted By keith_richards on 05/10/2008 7:41 AM
Yes, I have seen this working between Check Point Firewall-1 gateways - even works with path probing so the VPN can failover between ISPs. I think that you would be best sending IKE negotiation debug info to a Juniper forum and see if that shows up an issue. There isn't an inherent reason why an IPsec VPN can't work through Link Controllers.
To get the F5 to load balance IPSEC packets to and from the firewall you need to create Performance (Layer 4) type of virtual server and made sure that it was set to allow any protocol.
hi keith_richards,
we meet the same problem with checkpoint and F5 LC
our condition: LC has 2 wan link and do NAT job. Checkpoint outside interface use private ip address . we use static NAT ip address at VPN setup in checkpoint.
it can be working ,but can not failover.
as you mentioned : even works with path probing so the VPN can failover between ISPs.
could you please share you configure about checkpoint vpn Configure ?
Thank you very much.