Let me explain: I'm working on a PoC (Proof of Concept) to configure a VPN IPSec tunnel between a Meraki MX65 at one site and a Checkpoint 600 in a branch office, and I lack some knowledge of security VPN topics.
Here's the thing: the Meraki MX65 has a link provided by an ISP, and the IP address on the Internet 2 interface never changes (I configure it manually on that interface). On the other hand, the Checkpoint 600 is behind an Internet modem. Phase 1 and Phase 2 of the tunnel are OK, the NAT is working OK, and the PCs in the subnets announced in the VPN can communicate with each other.
But from the Meraki MX, in the VPN config, I'm pointing to the Internet modem's public IP address. This is not the right thing to do, because this IP address can change anytime the ISP (Telmex) wants, even without notifying me, obviously because that's not a dedicated link to the branch.
Reading some Meraki MX documentation, I realized that the MXs use their hostname to make an easy automatic VPN between appliances with "non-provisioning or config required".
My question is: is there a way to create a tunnel using a DDNS or a hostname to point to the Checkpoint 600 instead of using an IP address?
Or how can I solve this? Would another MX appliance be necessary?
I'm sharing with all of you a network diagram of the PoC:
If you can help me, I'll really appreciate your help.
Both ends need a static IP, as @PhilipDAth said, or buy another MX device.
If the remote branch is not that big perhaps consider buying a Z3 if the budget does not allow an MX?