I have a very simple site-to-site VPN setup:
Site A is my company A running on a single Cisco VXR7206 IOS version 12.3(T). The network behind my company is 192.168.1.0/24
Site B is company B running a pair of Checkpoint Firewall NGx R65. The network behind company B is 10.0.0.0/24
Site C is company C running a single Cisco 3845 IOS version 12.4(T). The network behind company C is 172.16.1.0/24
Company B and company C do not know each other.
I have a L2L VPN between company A and company B. That one is working fine, just regular L2L IPSec tunnel.
I have a L2L VPN between company A and company C. This is done via GRE encapsulated inside an IPSec tunnel (i.e. GRE/IPSec).
Everything is working fine. But now my company A wants to add redundancy to the L2L VPN between company A and company B and between company A and company C.
We are going to add another VXR7206 at Site A. The objective is that if one of the routers at site A crashes, the other will take over without missing a beat.
I can create multiple GRE/IPSec tunnels between company A and company C and use HSRP to control the flow of traffic between site A and site C, and
the connection will be "stateful" due to the nature of GRE/IPSec.
My issue has to do with the statefulness of IPSec between the Cisco and the Checkpoint firewall. The Checkpoint platform the customer uses does not support GRE,
only IPSec.
Anyone know how I can resolve this problem?
Thanks in advance.