96XX VPN phone connecting to checkpoint firewall

Status
Not open for further replies.

firespyer

MIS
Oct 7, 2010
75
US
Running into issues getting the phone talking to the firewall,

Firewall admin provided me a cert in .pem format which I uploaded to the phone

I have set everything up according to the 7 year old documentation available on devconnect.

The only field I didn't see in the doc was the Auth Type, which I set to Hybrid XAUTH.

I've statically assigned all of the values into the phone for now, was hoping to get one working and then add it to the 46xxsettings doc.

If anyone has gotten this working recently I would really appreciate any help you can provide.

When trying to connect with the default internal_ca cert I get an error of invalid cert. The firewall admin generated a new user cert for me, which I tried and gives an invalid config error.

Values I assigned:
Vendor: checkpoint
gateway: public IP of the firewall
Encap 4500-4500
TOS: no

Auth Type: Hybrid XAUTH
user: "Provided by Firewall admin"
password: save in flash
password "Provided"
IKE ID: Key_ID
IKE exchange: Key_ID
IKE DH: 2
Encrypt: AES-256
Auth: SHA-1
Ike Config: Enabled

IPSEC: No PFS
IPSec Encrypt: 3DES
IPSEC Auth: SHA-1
Protected Network: Provided
IKE Over TCP: Auto
 
I find with stuff like this that it helps to packet capture and watch the exchange and see where it fails.
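
As an added example (not from either poster), here is one way to read the IKE exchange out of a capture and see where it stops. It assumes IKEv1, as Hybrid XAUTH implies, and UDP payloads already extracted from the capture; the function names and the sample datagram are constructed for illustration.

```python
import struct

# IKEv1 exchange types and selected RFC 2408 notify codes
EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode", 5: "Informational",
             6: "Transaction (XAUTH/Mode Config)", 32: "Quick Mode"}
NOTIFIES = {14: "NO-PROPOSAL-CHOSEN", 18: "INVALID-ID-INFORMATION",
            20: "INVALID-CERTIFICATE", 24: "AUTHENTICATION-FAILED"}
HDR = "!8s8sBBBBII"   # cookies, next payload, version, exchange, flags, msg id, length
NOTIFY = 11           # payload type number of Notification

def parse_ike(udp_payload, port=500):
    """Summarise one IKEv1 datagram lifted from a packet capture."""
    data = udp_payload
    if port == 4500:
        # On UDP 4500, IKE is prefixed with a 4-byte all-zero non-ESP marker
        if data[:4] != b"\x00" * 4:
            return {"kind": "ESP-in-UDP or keepalive"}
        data = data[4:]
    if len(data) < 28:
        return {"kind": "truncated"}
    _, rcookie, nxt, ver, xchg, flags, _, length = struct.unpack(HDR, data[:28])
    out = {"kind": "IKE", "version": f"{ver >> 4}.{ver & 15}",
           "exchange": EXCHANGES.get(xchg, f"type {xchg}"),
           "encrypted": bool(flags & 0x01),
           "responder_replied": rcookie != b"\x00" * 8, "notifies": []}
    if out["encrypted"]:
        return out                      # payloads are unreadable without the keys
    off, end = 28, min(length, len(data))
    while nxt != 0 and off + 4 <= end:  # walk the cleartext payload chain
        following, _, plen = struct.unpack("!BBH", data[off:off + 4])
        if plen < 4 or off + plen > end:
            break                       # malformed length, stop
        if nxt == NOTIFY and plen >= 12:
            code = struct.unpack("!H", data[off + 10:off + 12])[0]
            out["notifies"].append(NOTIFIES.get(code, f"notify {code}"))
        nxt, off = following, off + plen
    return out

def build_sample(notify_code=14, flags=0):
    """Constructed datagram: Informational exchange carrying one Notify."""
    body = struct.pack("!BBHIBBH", 0, 0, 12, 1, 1, 0, notify_code)
    hdr = struct.pack(HDR, b"A" * 8, b"B" * 8, NOTIFY, 0x10, 5, flags, 0, 28 + len(body))
    return b"\x00" * 4 + hdr + body

if __name__ == "__main__":
    print(parse_ike(build_sample(), port=4500))
```

A cleartext Informational message with a notify right after the first proposal points at a parameter mismatch, while a failure that only appears once packets are encrypted has to be diagnosed from the gateway's logs instead.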
 