Cisco to Checkpoint R75.40 VPN

DevilWAH Member Posts: 2,997
I wanted to check before I hashed something together to get it to work, as Checkpoint is not my strong point.

I need to set up some Cisco routers at branch stations, with a Checkpoint gateway as the VPN end points. I am fine doing Cisco to Cisco VPNs with pre-shared keys, so I was just wondering, are there any issues to look out for between Cisco and Checkpoint? Or can anyone point me in the direction of an updated guide for this, please?

Cheers

DevilWAH
  • If you can't explain it simply, you don't understand it well enough. Albert Einstein
  • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties, it means that it's going to launch you into something great. So just focus and keep aiming.

Comments

  • DevilWAH Member Posts: 2,997
    It's OK I think, this guy seems to have written some nice instructions:

    note paper: IPSec VPN between Check Point and Cisco Router
  • m3zilla Member Posts: 172
    I've set up quite a few VPN tunnels between R75.40 appliances and ASAs, and they are usually pretty straightforward. However, I did run into a problem with one of our remote campuses running R75.40, peering to an ASA5540. The tunnel would come up, but it would randomly drop traffic.

    After looking at the logs, and a bit of research, I ended up with a registry change mentioned in sk42315 which fixed the problem. It essentially has to do with how CheckPoint handles the P1/P2 refresh as opposed to Cisco. CheckPoint renews P2 when it renews P1, while the ASA treats each one separately.
  • DevilWAH Member Posts: 2,997
    Quick question.

    In Cisco you can set up a site-to-site VPN where you list the interesting traffic using access lists to determine what traffic goes through the VPN, and this seems to be the way you can do things using a star VPN topology.

    However, another method is to create a GRE tunnel that you then encrypt. This has the benefit of presenting an interface that any traffic is directed to, rather than having to classify traffic using lists.

    Is this something that can be done with Check Point to Cisco?