
Site to Site vpn with 3rd party DAIP gateway

Why is Check Point not allowing the use of a preshared key for a DAIP gateway or 3rd party gateway? I know it works only with a certificate, but is there any future release for this feature? Other competitors are compatible with PSK if the remote is DAIP.

Preshared key is supported on Embedded Gaia for a DAIP gateway but not in mainstream Gaia.

4 Replies
Admin

Re: Site to Site vpn with 3rd party DAIP gateway

Using an IPsec Pre-Shared Key with a dynamic IP endpoint has additional security risks, mainly because of the need to use IKE Aggressive Mode for authentication, which sends some key information "in the clear."

Refer to the following articles for more information:

As such, at least for the Enterprise products, we require certificates to be used when a VPN endpoint is dynamic.

Embedded Gaia only supports IPsec on a dynamic IP endpoint when it is self-managed.
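
The reply above ties the risk to IKE Aggressive Mode. As an added example (not part of the original thread and not Check Point code), this Python sketch parses the IKEv1 ISAKMP header from a UDP/500 payload, flags Aggressive Mode by its exchange type, and lists which authentication payloads are readable on the wire. The function names and the sample messages are constructed for illustration.

```python
import struct

# Exchange and payload type numbers from RFC 2408 section 3.1 / RFC 2409.
EXCHANGE = {2: "Main Mode", 4: "Aggressive Mode", 5: "Informational", 32: "Quick Mode"}
PAYLOAD = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 13: "VID"}
HDR = "!8s8sBBBBII"   # cookies, next payload, version, exchange, flags, msg id, length

def inspect_ikev1(msg: bytes) -> dict:
    """Classify one IKEv1 message and list the payloads readable on the wire."""
    if len(msg) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    _ic, _rc, next_pl, version, xchg, flags, _mid, length = struct.unpack(HDR, msg[:28])
    if version >> 4 != 1:
        raise ValueError("not IKEv1")
    encrypted = bool(flags & 0x01)          # E bit: body after the header is ciphertext
    seen, off, end = [], 28, min(length, len(msg))
    # Generic payload header: next payload (1), reserved (1), payload length (2).
    while not encrypted and next_pl != 0 and off + 4 <= end:
        following, _rsvd, pl_len = struct.unpack("!BBH", msg[off:off + 4])
        if pl_len < 4:
            break                           # malformed length: stop instead of looping
        seen.append(PAYLOAD.get(next_pl, f"type-{next_pl}"))
        next_pl, off = following, off + pl_len
    aggressive = xchg == 4
    return {"exchange": EXCHANGE.get(xchg, f"type-{xchg}"), "encrypted": encrypted,
            "payloads": seen, "aggressive": aggressive,
            "cleartext_auth": sorted({"ID", "HASH"} & set(seen)) if aggressive else []}

def build_sample(xchg: int, flags: int, payloads: list) -> bytes:
    """Construct a test message; these bytes are made up, not captured traffic."""
    body = b""
    for i, (_ptype, data) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", nxt, 0, 4 + len(data)) + data
    first = payloads[0][0] if payloads else 0
    return struct.pack(HDR, b"\x11" * 8, b"\x22" * 8, first, 0x10, xchg, flags,
                       0, 28 + len(body)) + body

# Aggressive Mode reply: SA, KE, NONCE, ID and HASH all sent before any encryption.
AGGRESSIVE = build_sample(4, 0, [(1, b"\0" * 8), (4, b"\0" * 16), (10, b"\0" * 16),
                                 (5, b"\0" * 8), (8, b"\0" * 20)])
# Main Mode message 5: E bit set, so the body here stands in for ciphertext.
MAIN_MODE = build_sample(2, 1, [(5, b"\0" * 8), (8, b"\0" * 20)])

if __name__ == "__main__":
    for name, msg in (("aggressive", AGGRESSIVE), ("main", MAIN_MODE)):
        print(name, inspect_ikev1(msg))
```

Run against captured UDP/500 payloads, a non-empty `cleartext_auth` marks a peer still negotiating in Aggressive Mode.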


Re: Site to Site vpn with 3rd party DAIP gateway

Can you please direct me to a document describing configuration for certificate-based site-to-site VPN with a 3rd party vendor (Fortigate in our case), because it seems I'm not able to find related documentation.

0 Kudos
Sapphire

Re: Site to Site vpn with 3rd party DAIP gateway

Your question is answered here: sk36968: Cannot establish VPN tunnel with 3rd Party DAIP using Pre-shared Secret

and it gives the statement:

For information about how to configure VPN between Check Point and Cisco DAIP, refer to the "Configuring a VPN with External Security Gateways Using Certificates" in the R80.10 Site To Site VPN Administration Guide

0 Kudos
Sapphire

Re: Site to Site vpn with 3rd party DAIP gateway

0 Kudos