[FW1] RE: Checkpoint to Gauntlet VPN Configuration

Thu, 18 May 2000 07:34:24 -0700 



Thanks Everyone for all of the help !!  I think that you've given me what I
was looking for !!

> Troy Dechant
> Sr. Technical Specialist Network Design
> First American Real Estate Information Services, Inc.
> [EMAIL PROTECTED]
> 
> > -----Original Message-----
> > From: Dechant, Troy [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, May 15, 2000 3:54 PM
> > To: [EMAIL PROTECTED]
> > Subject: Checkpoint to Gauntlet VPN Configuration
> >
> > Hello All !!!
> >
> > I have been tasked with setting up a VPN tunnel between a Checkpoint
> v4.0
> > SP3 (my side) and a Gauntlet v5.5 firewall (the customer's side).  I
> have
> > taken a first stab at it and still have had no success.
> >
> > I have configured both objects in Checkpoint as having the following
> > encryption properties -
> >
> > ISAKMP/OAKLEY
> > 3DES
> > MD5 Hash
> > Pre-shared secrets
> > Supports Aggressive Mode option disabled
> > ESP Transform enabled
> > Use Perfect Forward Secrecy disabled
> >
> > The Gauntlet firewall configuration is as follows -
> >
> > IPSEC with IKE
> > Pre-shared secrets
> > 3DES
> > MD5
> > DH Group 1024
> > Perfect Forward Secrecy disabled
> >
> > In addition to the normal Checkpoint VPN ports (ESP protocol type 50 &
> > TCP/264), I have also opened up AH (protocol type 51) and ISAKMP
> (UDP/500)
> > between the two firewalls.
> >
> > When I attempt to establish the VPN tunnel, the only thing that shows up
> in
> > my logs is an accept from the Gauntlet firewall on the ISAKMP port
> > (UDP/500).  No traffic is seen by the firewall as being encrypted.  A
> snoop
> > of the external interface only shows traffic on UDP/500.  The Checkpoint
> > logs never record anything and encryption never appears.
> >
> > Any help would be greatly appreciated.  I have searched the Internet and
> am
> > having problems locating any configuration examples for the above
> scenarios.
> > Thanks in advance for any help that you can provide !!
> >
> > > Troy Dechant
> > > Sr. Technical Specialist Network Design
> > > First American Real Estate Information Services, Inc.
> > > [EMAIL PROTECTED]
> > >
> > >
> > >
> > >
> > >
> > >
> >
> > VPN is sponsored by SecurityFocus.COM
> >
> > VPN is sponsored by SecurityFocus.COM
> 
> VPN is sponsored by SecurityFocus.COM


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to