Contributor

Site to Site VPN between Check Point and Cradlepoint


Has anyone done a site to site VPN between a Check Point (DC) and Cradlepoint (remote) appliance? If so, I was just looking for feedback, steps taken, and things to look out for. Even better if it was accomplished using a dynamic IP on the Cradlepoint end.

0 Kudos
1 Solution
3 Replies
Contributor

Thanks, that is helpful! The remote side will need to be a dynamic external IP. I seem to recall reading somewhere that you have to do a cert instead of a PSK for dynamic. Is that the case, and any input on how to do that?

0 Kudos
Champion

You are correct, for a dynamic peer a cert is required along with the use of 3 packet Aggressive Mode instead of the more commonly-used 6 packet Main Mode exchange for IKEv1.  Can't recall ever doing a dynamic peer VPN with IKEv2 but it may be more flexible in this case, although interoperability between different vendors using IKEv2 is still a bit spotty right now.  See the following SK for links to an example configuration:

sk36968 - S2S VPN between Check Point Security gateway and Cisco DAIP

 

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos