How to set up VPN to other sites in new version of Checkpoint?

Status
Not open for further replies.

lengoo

IS-IT--Management
Jan 15, 2002
381
GH
Hi All,
We are in the process of moving offices and now I have a new Nokia IP350 running CP NG (R55) with AI. My previous version was CP NG FP1.
In the old version, I used to use policy editor and set up a site to site VPN by defining remote and local networks and then in Action, I was able to Encrypt and select the relevant encryption protocols. Now, using the new version of the policy editor which is now called Smart Dashboard, in the action column within the rules, there is no Encrypt option to select. Can anyone explain how to set up a site to site VPN?
Also, I used to be able to set up the supported encryption protocols in each gateway but now this is missing also.
Any ideas anyone?
Thanks
 
You have to configure only the Site2Site Community, set a pre-shared Secret, and install a rule from or to the remote net. Make sure both sides have the same encryption configured. That's all.
 
Thanks Josh
I used the VPN Manager tab and then set up a Mesh topology for each of the sites which I need to connect to. I then put a rule.. is this the way to do it?
 
This is correct. If all your remote sites are using the same VPN properties then you can just add each firewall into the same VPN Community. I usually have hub and spoke topologies and add all the remote sites into the 'remote gateways' section of the community.

In your rules you then just specify the normal security rules and under the 'via' section you can just add the relevant VPN community, although if you leave it as 'any' it will work also. As long as there is a community to define the encryption rules the gateways will establish SAs.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Thanks Chris!!
In the rules bit, do you just leave the VPN column on "Any traffic"?
Is there much of a difference between the star config and the mesh config? Would using mesh instead of Star prevent my VPN from working?
Thanks
 
Just playing around with the Star config for the VPN community. Do I put the central gateway to be that of my own CP firewall and the remote firewall (which happens to be a Cisco PIX) in the satellite gateway section? Or do I put them both in the Central gateway bit?
Thanks again
 
The central firewall would be yours and the satellite would be the remote firewall.

I generally put the VPN community in the rule on the VPN column. It just makes it easier to read through the rule base and know what networks are using what communities.

Chris.


**********************
Chris A.C, CCNA, CCSA
**********************
 