Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 6330 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN and Checkpoint FW-1

dwolters
anyone know if the VPN can connect to the CP-FW1 firewall?

thx Dirk


This thread was automatically locked due to age.
Parents
  • 0
    Yes,
    you have to disable the PFS and it should be up and running.

    kind regards
    gert
  • 0 in reply to Gert Hansen
    Hi,

    only with 3DES strong encryption :-)

    o|iver
  • 0 in reply to oliver.desch
    Hi,

    Does anyone know what needs to be done to be able to connect to Firewall-1 using a SecuRemote client on a PC behind the ASL. I have NO access to the Firewall-1 box, only an IKE userid and password to establish a VPN connection to it.

    Any help would be appreciated - thanks in advance.
  • 0 in reply to mitsa
    When I try and set up a vpn between a Checkpoint 4.0 and ASL I get this message from ASL

    000 interface ipsec0/eth0 192.168.1.1
    000 interface ipsec1/eth1 64.170.190.92
    000  
    000 "Brian_To_Tv_1":192.168.1.0/24===64.170.1     90.92--64.170.190.1...
    000 "Brian_To_Tv_1": ...208.179.231.186===10.     1.1.0/24
    000 "Brian_To_Tv_1":   ike_life:3600s;       ipsec_life: 28800s; rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
    000 "Brian_To_Tv_1":   policy: PSK+ENCRYPT+TUNNEL; interface: eth1; trap erouted
    000 "Brian_To_Tv_1":   newest ISAKMP SA: #988; newest IPsec SA: #0; eroute owner: #0
    000  
    000 #1051: "Brian_To_Tv_1" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 16s
    000 #988: "Brian_To_Tv_1" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1030s; newest ISAKMP


    And this message from Checkpoint:


    ISAKMP   Log sent notification :  Invalid Id information  Nogotiation Id : 84d47594


    Does anyone know what the problem is 
    Thanks in advance
Reply
  • 0 in reply to mitsa
    When I try and set up a vpn between a Checkpoint 4.0 and ASL I get this message from ASL

    000 interface ipsec0/eth0 192.168.1.1
    000 interface ipsec1/eth1 64.170.190.92
    000  
    000 "Brian_To_Tv_1":192.168.1.0/24===64.170.1     90.92--64.170.190.1...
    000 "Brian_To_Tv_1": ...208.179.231.186===10.     1.1.0/24
    000 "Brian_To_Tv_1":   ike_life:3600s;       ipsec_life: 28800s; rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
    000 "Brian_To_Tv_1":   policy: PSK+ENCRYPT+TUNNEL; interface: eth1; trap erouted
    000 "Brian_To_Tv_1":   newest ISAKMP SA: #988; newest IPsec SA: #0; eroute owner: #0
    000  
    000 #1051: "Brian_To_Tv_1" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 16s
    000 #988: "Brian_To_Tv_1" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1030s; newest ISAKMP


    And this message from Checkpoint:


    ISAKMP   Log sent notification :  Invalid Id information  Nogotiation Id : 84d47594


    Does anyone know what the problem is 
    Thanks in advance
Children
  • 0 in reply to bbolokofsky
    >Yes,
    >you have to disable the PFS and it should >be up and running.
    >kind regards
    >gert 

    What is PFS and how do I turn it off
  • 0 in reply to grimphyre
    Hi grimphyre, 

    PFS stands for Perfect Forwarding Secrecy.
    It is an option during the rekeying process, to make sure that two keys generated by the the vpn are complete independet.
    This makes it harder to calculate the keys.

    Sometimes this option leads to interoperability problems like with checkpoint.

    You can disable it in the WebAdmin Interface under WebAdmin > VPN > IPSEC Configuration while creating or editing a connection.

    Kind Regards
    Gert
Unfiltered HTML