Checkpoint to Gauntlet VPN Configuration

Dechant, Troy tdechant at FIRSTAM.COM
Mon May 15 15:54:28 EDT 2000


Hello All !!!

I have been tasked with setting up a VPN tunnel between a Checkpoint v4.0
SP3 (my side) and a Gauntlet v5.5 firewall (the customer's side).  I have
taken a first stab at it and still have had no success.

I have configured both objects in Checkpoint as having the following
encryption properties -

ISAKMP/OAKLEY
3DES
MD5 Hash
Pre-shared secrets
Supports Aggressive Mode option disabled
ESP Transform enabled
Use Perfect Forward Secrecy disabled

The Gauntlet firewall configuration is as follows -

IPSEC with IKE
Pre-shared secrets
3DES
MD5
DH Group 1024
Perfect Forward Secrecy disabled

In addition to the normal Checkpoint VPN ports (ESP protocol type 50 &
TCP/264), I have also opened up AH (protocol type 51) and ISAKMP (UDP/500)
between the two firewalls.

When I attempt to establish the VPN tunnel, the only thing that shows up in
my logs is an accept from the Gauntlet firewall on the ISAKMP port
(UDP/500).  No traffic is seen by the firewall as being encrypted.  A snoop
of the external interface only shows traffic on UDP/500.  The Checkpoint
logs never record anything and encryption never appears.

Any help would be greatly appreciated.  I have searched the Internet and am
having problems locating any configuration examples for the above scenarios.
Thanks in advance for any help that you can provide !!

> Troy Dechant
> Sr. Technical Specialist Network Design
> First American Real Estate Information Services, Inc.
> tdechant at firstam.com
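
Added example, not part of the original post: because the snoop shows only UDP/500, decoding the fixed ISAKMP header (RFC 2408) of each captured payload shows how far the negotiation actually gets before it stalls. The function names and the sample capture are constructed for illustration.

```python
import struct

# Exchange types from RFC 2408 section 3.1; 32 is IKE Quick Mode (RFC 2409).
EXCHANGE = {2: "Main Mode", 4: "Aggressive Mode", 5: "Informational", 32: "Quick Mode"}
STAGES = [
    "no phase 1 exchange seen",
    "phase 1 proposal sent, responder cookie still zero",
    "peer answered phase 1",
    "phase 1 reached its encrypted messages",
    "phase 2 (Quick Mode) started",
]

def parse_isakmp_header(payload):
    """Decode the fixed 28-byte ISAKMP header at the start of a UDP/500 payload."""
    if len(payload) < 28:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, next_pl, version, xchg, flags, msg_id, length = struct.unpack(
        "!8s8sBBBBII", payload[:28])
    return {"responder_cookie": rcookie, "next_payload": next_pl, "exchange": xchg,
            "encrypted": bool(flags & 0x01), "message_id": msg_id, "length": length}

def progress(payloads):
    """Return (label per packet, furthest negotiation stage) for a capture."""
    labels, stage = [], 0
    for p in payloads:
        h = parse_isakmp_header(p)
        label = EXCHANGE.get(h["exchange"], "exchange type %d" % h["exchange"])
        if h["encrypted"]:
            label += " [encrypted]"
        elif h["next_payload"] == 11:      # 11 = Notification payload
            label += " [Notification]"
        labels.append(label)
        if h["exchange"] == 32:
            rank = 4
        elif h["exchange"] in (2, 4):
            rank = 3 if h["encrypted"] else 2 if any(h["responder_cookie"]) else 1
        else:
            rank = 0
        stage = max(stage, rank)
    return labels, STAGES[stage]

def build_header(rcookie, next_pl, xchg, flags=0, msg_id=0):
    """Construct a header-only sample packet (initiator cookie is made up)."""
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, rcookie, next_pl, 0x10, xchg,
                       flags, msg_id, 28)

# Constructed capture: one Main Mode proposal out, one clear-text Notification back.
SAMPLE = [build_header(bytes(8), 1, 2), build_header(b"\x22" * 8, 11, 5, msg_id=7)]

if __name__ == "__main__":
    print(progress(SAMPLE))
```
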