https://community.checkpoint.com/t5/General-Topics/Site-to-Site-vpn-with-3rd-party-DAIP-gateway/m-p/7050#M800 <HTML><HEAD></HEAD><BODY><P>why checkpoint is not allowing to use preshared key for the DAIP gateway or 3rd party gateway. i know it works only with a certificate&nbsp;but is there any future release for this feature.&nbsp;other competitors&nbsp;are compatible with PSK if the remote is DAIP&nbsp;</P><P></P><P>Preshared key is supported on&nbsp;embeded&nbsp;gaia&nbsp;for Daip gateway but not in main stream gaia.</P></BODY></HTML> Wed, 04 Oct 2017 07:32:32 GMT Libin_Thomas 2017-10-04T07:32:32Z https://community.checkpoint.com/t5/General-Topics/Site-to-Site-vpn-with-3rd-party-DAIP-gateway/m-p/7050#M800 <HTML><HEAD></HEAD><BODY><P>why checkpoint is not allowing to use preshared key for the DAIP gateway or 3rd party gateway. i know it works only with a certificate&nbsp;but is there any future release for this feature.&nbsp;other competitors&nbsp;are compatible with PSK if the remote is DAIP&nbsp;</P><P></P><P>Preshared key is supported on&nbsp;embeded&nbsp;gaia&nbsp;for Daip gateway but not in main stream gaia.</P></BODY></HTML> Wed, 04 Oct 2017 07:32:32 GMT https://community.checkpoint.com/t5/General-Topics/Site-to-Site-vpn-with-3rd-party-DAIP-gateway/m-p/7050#M800 Libin_Thomas 2017-10-04T07:32:32Z https://community.checkpoint.com/t5/General-Topics/Site-to-Site-vpn-with-3rd-party-DAIP-gateway/m-p/7051#M801 <HTML><HEAD></HEAD><BODY><P>Using an IPsec Pre-Shared Key with a dynamic IP endpoint has additional security risks, mainly because of the need to use IKE Aggressive Mode for authentication, which sends some key information "in the clear."</P><P>Refer to the following articles for more information:</P><UL><LI><A class="link-titled" href="https://blog.webernetz.net/2015/01/19/considerations-about-ipsec-pre-shared-keys-psks/" title="https://blog.webernetz.net/2015/01/19/considerations-about-ipsec-pre-shared-keys-psks/">Considerations about IPsec Pre-Shared Keys | Blog Webernetz.net</A>&nbsp;</LI><LI><A class="link-titled" href="https://security.stackexchange.com/questions/76444/what-are-the-practical-risks-of-using-ike-aggressive-mode-with-a-pre-shared-key" title="https://security.stackexchange.com/questions/76444/what-are-the-practical-risks-of-using-ike-aggressive-mode-with-a-pre-shared-key">vpn - What are the practical risks of using IKE Aggressive mode with a pre-shared key? - Information Security Stack Exch…</A>&nbsp;</LI></UL><P>As such, at least for the Enterprise products, we require certificates to be used when a VPN endpoint is dynamic.</P><P>Embedded Gaia only supports IPsec on a dynamic IP endpoint when it is self-managed.</P></BODY></HTML> Fri, 06 Oct 2017 21:38:35 GMT https://community.checkpoint.com/t5/General-Topics/Site-to-Site-vpn-with-3rd-party-DAIP-gateway/m-p/7051#M801 PhoneBoy 2017-10-06T21:38:35Z https://community.checkpoint.com/t5/General-Topics/Site-to-Site-vpn-with-3rd-party-DAIP-gateway/m-p/80999#M16361 <P><SPAN>Can you please direct me to a document describing configuration for certificate based site-to-site VPN with 3rd party vendor (Fortigate in our case) because it seems I'm not able to find related documentation..</SPAN></P> Mon, 06 Apr 2020 15:32:25 GMT https://community.checkpoint.com/t5/General-Topics/Site-to-Site-vpn-with-3rd-party-DAIP-gateway/m-p/80999#M16361 anstelios 2020-04-06T15:32:25Z https://community.checkpoint.com/t5/General-Topics/Site-to-Site-vpn-with-3rd-party-DAIP-gateway/m-p/81005#M16362 <P>Your question is answered her:&nbsp;<A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk36968&amp;partition=Advanced&amp;product=IPSec" target="_blank">sk36968: Cannot establish <STRONG>VPN</STRONG> tunnel with <STRONG>3rd</STRONG> <STRONG>Party</STRONG> DAIP using Pre-shared Secret</A></P> <P>and it gives the statement:</P> <P><STRONG>For information about how to configure VPN between Check Point and Cisco DAIP, refer to the "Configuring a VPN with External Security Gateways Using Certificates" in the <A href="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_SitetoSiteVPN_AdminGuide/html_frameset.htm" target="_blank" rel="noopener">R80.10 Site To Site VPN Administration Guide</A></STRONG></P> Mon, 06 Apr 2020 16:41:01 GMT https://community.checkpoint.com/t5/General-Topics/Site-to-Site-vpn-with-3rd-party-DAIP-gateway/m-p/81005#M16362 G_W_Albrecht 2020-04-06T16:41:01Z https://community.checkpoint.com/t5/General-Topics/Site-to-Site-vpn-with-3rd-party-DAIP-gateway/m-p/81007#M16363 <P>I also found it on CheckMates:&nbsp;<A href="https://community.checkpoint.com/t5/General-Management-Topics/Checkpoint-to-Fortinet-VPN/m-p/13915#M2468" target="_blank">https://community.checkpoint.com/t5/General-Management-Topics/Checkpoint-to-Fortinet-VPN/m-p/13915#M2468</A></P> Mon, 06 Apr 2020 16:44:33 GMT https://community.checkpoint.com/t5/General-Topics/Site-to-Site-vpn-with-3rd-party-DAIP-gateway/m-p/81007#M16363 G_W_Albrecht 2020-04-06T16:44:33Z