topic Re: Retrieving VPN Encryption and Authentication Keys for S2S VPN in Firewall and Security Management

Retrieving VPN Encryption and Authentication Keys for S2S VPN

abdultayyeb — Thu, 30 Sep 2021 14:41:08 GMT

Hey there,

I was just wondering whether do we have a method in Check Point GW to retrieve the actual encryption key and authentication key for a given IPSec S2S VPN? I am trying to decrypt an ESP TCPDUMP in Wireshark tool with the help of actual keys.

There is a way in Fortinet FW which I know of to retrieve the encryption & authentication keys so that we can the ESP packets decrypted in Wireshark. I am just trying to figure out whether this is possible in Check Point or not? Or do we have to take VPND (User space) debugs for that?

Thanks in advance!

Re: Retrieving VPN Encryption and Authentication Keys for S2S VPN

the_rock — Thu, 30 Sep 2021 14:48:21 GMT

Since you are a CP employee, you can search way more that any of us can in cp support site, but from research I did and my knowledge of CP, I never heard this being possible. I dont believe that even past R60 or even R55, you can find out actual PSK any more.

Re: Retrieving VPN Encryption and Authentication Keys for S2S VPN

PhoneBoy — Thu, 30 Sep 2021 21:58:33 GMT

VPN/IKE debugs are the way to go here.