Checkpoint to Gauntlet VPN Configuration

Dechant, Troy tdechant at FIRSTAM.COM
Thu May 18 10:23:56 EDT 2000


Thanks Everyone for all of the help !!  I think that you've given me what I
was looking for !!

> Troy Dechant
> Sr. Technical Specialist Network Design
> First American Real Estate Information Services, Inc.
> tdechant at firstam.com
>
> > -----Original Message-----
> > From: Dechant, Troy [mailto:tdechant at FIRSTAM.COM]
> > Sent: Monday, May 15, 2000 3:54 PM
> > To: VPN at SECURITYFOCUS.COM
> > Subject: Checkpoint to Gauntlet VPN Configuration
> >
> > Hello All !!!
> >
> > I have been tasked with setting up a VPN tunnel between a Checkpoint v4.0
> > SP3 (my side) and a Gauntlet v5.5 firewall (the customer's side).  I have
> > taken a first stab at it and still have had no success.
> >
> > I have configured both objects in Checkpoint as having the following
> > encryption properties -
> >
> > ISAKMP/OAKLEY
> > 3DES
> > MD5 Hash
> > Pre-shared secrets
> > Supports Aggressive Mode option disabled
> > ESP Transform enabled
> > Use Perfect Forward Secrecy disabled
> >
> > The Gauntlet firewall configuration is as follows -
> >
> > IPSEC with IKE
> > Pre-shared secrets
> > 3DES
> > MD5
> > DH Group 1024
> > Perfect Forward Secrecy disabled
> >
> > In addition to the normal Checkpoint VPN ports (ESP protocol type 50 &
> > TCP/264), I have also opened up AH (protocol type 51) and ISAKMP (UDP/500)
> > between the two firewalls.
> >
> > When I attempt to establish the VPN tunnel, the only thing that shows up in
> > my logs is an accept from the Gauntlet firewall on the ISAKMP port
> > (UDP/500).  No traffic is seen by the firewall as being encrypted.  A snoop
> > of the external interface only shows traffic on UDP/500.  The Checkpoint
> > logs never record anything and encryption never appears.
> >
> > Any help would be greatly appreciated.  I have searched the Internet and am
> > having problems locating any configuration examples for the above scenarios.
> > Thanks in advance for any help that you can provide !!
> >
> > > Troy Dechant
> > > Sr. Technical Specialist Network Design
> > > First American Real Estate Information Services, Inc.
> > > tdechant at firstam.com
> >
> > VPN is sponsored by SecurityFocus.COM
