Checkpoint to Gauntlet VPN Configuration
Dechant, Troy
tdechant at FIRSTAM.COM
Mon May 15 15:54:28 EDT 2000
Hello All!!!
I have been tasked with setting up a VPN tunnel between a Checkpoint v4.0
SP3 (my side) and a Gauntlet v5.5 firewall (the customer's side). I have
taken a first stab at it and still have had no success.
I have configured both objects in Checkpoint as having the following
encryption properties -
ISAKMP/OAKLEY
3DES
MD5 Hash
Pre-shared secrets
Supports Aggressive Mode option disabled
ESP Transform enabled
Use Perfect Forward Secrecy disabled
The Gauntlet firewall configuration is as follows -
IPSEC with IKE
Pre-shared secrets
3DES
MD5
DH Group 1024
Perfect Forward Secrecy disabled
In addition to the normal Checkpoint VPN ports (ESP protocol type 50 &
TCP/264), I have also opened up AH (protocol type 51) and ISAKMP (UDP/500)
between the two firewalls.
When I attempt to establish the VPN tunnel, the only thing that shows up in
my logs is an accept from the Gauntlet firewall on the ISAKMP port
(UDP/500). No traffic is seen by the firewall as being encrypted. A snoop
of the external interface only shows traffic on UDP/500. The Checkpoint
logs never record anything and encryption never appears.
Any help would be greatly appreciated. I have searched the Internet and am
having problems locating any configuration examples for the above scenarios.
Thanks in advance for any help that you can provide!!
> Troy Dechant
> Sr. Technical Specialist Network Design
> First American Real Estate Information Services, Inc.
> tdechant at firstam.com
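The post reports that a snoop shows only UDP/500 traffic and no ESP. As an added example (not part of the original post and not vendor code), the Python below decodes the fixed ISAKMP header defined in RFC 2408 from each UDP/500 payload to show how far the IKE negotiation got. It assumes the payloads have already been extracted from the capture; the function names and the sample datagrams are constructed for illustration.

```python
import struct

# Fixed ISAKMP header, RFC 2408 section 3.1: 28 bytes, network byte order.
HEADER = struct.Struct("!8s8sBBBBII")
EXCHANGE = {2: "main mode", 4: "aggressive mode", 5: "informational", 32: "quick mode"}
NOTIFY = {13: "ATTRIBUTES-NOT-SUPPORTED", 14: "NO-PROPOSAL-CHOSEN", 18: "INVALID-ID-INFORMATION"}
P_NOTIFY, FLAG_ENCRYPTED = 11, 0x01


def parse_isakmp(datagram):
    """Decode one UDP/500 payload; include the notify type if it is readable."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, nxt, ver, xchg, flags, msg_id, length = HEADER.unpack_from(datagram)
    if length != len(datagram):
        raise ValueError("ISAKMP length field does not match datagram size")
    info = {"exchange": EXCHANGE.get(xchg, "unknown(%d)" % xchg),
            "encrypted": bool(flags & FLAG_ENCRYPTED),
            "peer_answered": rcookie != bytes(8), "notify": None}
    # Notification payload: generic header (4), DOI (4), protocol-id, SPI size, type (2).
    if nxt == P_NOTIFY and not info["encrypted"] and length >= HEADER.size + 12:
        ntype, = struct.unpack_from("!H", datagram, HEADER.size + 10)
        info["notify"] = NOTIFY.get(ntype, "type %d" % ntype)
    return info


def furthest_stage(datagrams):
    """Summarise how far the negotiation got in a UDP/500-only capture."""
    seen = [parse_isakmp(d) for d in datagrams]
    notes = [s["notify"] for s in seen if s["notify"]]
    if notes:
        return "peer rejected negotiation: " + notes[0]
    if any(s["exchange"] == "quick mode" for s in seen):
        return "phase 2 started"
    if any(s["peer_answered"] for s in seen):
        return "peer answered, phase 1 incomplete"
    return "initiator only, no reply from peer"


def sample(xchg, rcookie=bytes(8), nxt=1, body=b"\x00" * 40):
    """Build a constructed datagram (not captured traffic) for the demo."""
    head = HEADER.pack(b"\x11" * 8, rcookie, nxt, 0x10, xchg, 0, 0, HEADER.size + len(body))
    return head + body


# Constructed notify body: next=0, reserved, length=12, DOI=1 (IPsec), proto=1, SPI size 0, type 14.
REJECT = struct.pack("!BBHIBBH", 0, 0, 12, 1, 1, 0, 14)
RETRIES = [sample(2), sample(2), sample(2)]  # main mode message 1, resent
REJECTED = [sample(2), sample(5, b"\x22" * 8, P_NOTIFY, REJECT)]
```

A result of "initiator only" points at filtering or routing of UDP/500 in one direction, while a cleartext notification such as NO-PROPOSAL-CHOSEN points at mismatched phase 1 parameters between the two firewalls.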