topic Re: Site to Site VPN with 3rd party DAIP Gateway(Strongswan IPSec in Ubuntu) with RSA Auth in Firewall and Security Management https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-with-3rd-party-DAIP-Gateway-Strongswan-IPSec-in/m-p/202621#M38125 <P>Can you help me with your configuration settings? I'm trying but with no success.</P> Tue, 09 Jan 2024 17:10:00 GMT Kalloww00 2024-01-09T17:10:00Z Site to Site VPN with 3rd party DAIP Gateway(Strongswan IPSec in Ubuntu) with RSA Auth https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-with-3rd-party-DAIP-Gateway-Strongswan-IPSec-in/m-p/197935#M37005 <P>I have tested the site to site vpn between checkpoint and DAIP gateway(Strongswan ipsec in Ubuntu) with RSA auth in lab and able to bring the tunnel up.</P><P>During the testing I encountered below issue on Strongswan ipsec side,</P><UL><LI>Checkpoint is sending MM packet 6, but Strongswan ipsec is dropping with error “no trusted RSA public key found for &lt;ip address&gt;”.</LI><LI>The Strongswan ipsec is expecting the peer identity(peer IP in my case) to be present on checkpoint certificate's Subject Alternate Name.</LI><LI>The checkpoint default certificate will have CN as hostname and SAN as management IP.</LI><LI>I resolved it by creating new certificate with SAN contains identity IP.</LI><LI>In checkpoint only one internal_ca signed certificate can be created for IPsec, So to create new certificate I used 3rd party CA.</LI></UL><P>&nbsp;</P><P>My query is about adding new 3rd party signed certificate on gateway ipsec properties, can it cause any issue to existing vpn? As per my understanding it should not cause negative impact. Please clarify whether my understanding is correct or wrong.</P><P>&nbsp;</P> Tue, 14 Nov 2023 16:18:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-with-3rd-party-DAIP-Gateway-Strongswan-IPSec-in/m-p/197935#M37005 Pavan_Kumar 2023-11-14T16:18:46Z Re: Site to Site VPN with 3rd party DAIP Gateway(Strongswan IPSec in Ubuntu) with RSA Auth https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-with-3rd-party-DAIP-Gateway-Strongswan-IPSec-in/m-p/197957#M37009 <P>It shouldn't, no.</P> Wed, 15 Nov 2023 00:40:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-with-3rd-party-DAIP-Gateway-Strongswan-IPSec-in/m-p/197957#M37009 PhoneBoy 2023-11-15T00:40:47Z Re: Site to Site VPN with 3rd party DAIP Gateway(Strongswan IPSec in Ubuntu) with RSA Auth https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-with-3rd-party-DAIP-Gateway-Strongswan-IPSec-in/m-p/197964#M37011 <P>Thanks for clearing my doubt..</P> Wed, 15 Nov 2023 05:38:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-with-3rd-party-DAIP-Gateway-Strongswan-IPSec-in/m-p/197964#M37011 Pavan_Kumar 2023-11-15T05:38:17Z Re: Site to Site VPN with 3rd party DAIP Gateway(Strongswan IPSec in Ubuntu) with RSA Auth https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-with-3rd-party-DAIP-Gateway-Strongswan-IPSec-in/m-p/202621#M38125 <P>Can you help me with your configuration settings? I'm trying but with no success.</P> Tue, 09 Jan 2024 17:10:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-with-3rd-party-DAIP-Gateway-Strongswan-IPSec-in/m-p/202621#M38125 Kalloww00 2024-01-09T17:10:00Z