Libin_Thomas
Contributor

Site to Site VPN with 3rd party DAIP gateway

Why is Check Point not allowing the use of a pre-shared key for a DAIP gateway or 3rd party gateway? I know it works only with a certificate, but is there any future release for this feature? Other competitors are compatible with PSK if the remote is DAIP.

Pre-shared key is supported on Embedded Gaia for a DAIP gateway but not in mainstream Gaia.

4 Replies
PhoneBoy
Admin

Using an IPsec Pre-Shared Key with a dynamic IP endpoint has additional security risks, mainly because of the need to use IKE Aggressive Mode for authentication, which sends some key information "in the clear."

Refer to the following articles for more information:

As such, at least for the Enterprise products, we require certificates to be used when a VPN endpoint is dynamic.

Embedded Gaia only supports IPsec on a dynamic IP endpoint when it is self-managed.
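
The reply above names IKE Aggressive Mode as the reason PSK is refused for dynamic peers. As an added example (not part of the thread and not Check Point code), this sketch audits a captured IKEv1 message, taken as the UDP/500 payload, and reports whether it is an Aggressive Mode exchange carrying ID or HASH payloads unencrypted. The header layout and type numbers follow RFC 2408/2409; `inspect_ikev1`, `build` and the sample messages are constructed for illustration.

```python
import struct

EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode", 5: "Informational", 32: "Quick Mode"}
PAYLOADS = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 13: "VID"}
HDR = struct.Struct("!8s8sBBBBII")  # ISAKMP header, RFC 2408 section 3.1 (28 bytes)

def inspect_ikev1(pkt: bytes) -> dict:
    """Classify one IKEv1 message and list the payloads readable in cleartext."""
    if len(pkt) < HDR.size:
        raise ValueError("shorter than an ISAKMP header")
    _, _, nxt, ver, xchg, flags, _, length = HDR.unpack_from(pkt)
    if ver >> 4 != 1:
        raise ValueError("not IKEv1")
    encrypted = bool(flags & 0x01)  # bit 0 of the flags byte is the encryption flag
    seen, off, end = [], HDR.size, min(length, len(pkt))
    # The payload chain can only be walked when the encryption flag is clear.
    while not encrypted and nxt != 0 and off + 4 <= end:
        following, _, plen = struct.unpack_from("!BBH", pkt, off)
        if plen < 4 or off + plen > end:
            raise ValueError("malformed payload length")
        seen.append(PAYLOADS.get(nxt, str(nxt)))
        nxt, off = following, off + plen
    exposed = sorted({"ID", "HASH"} & set(seen))
    return {
        "exchange": EXCHANGES.get(xchg, f"type {xchg}"),
        "encrypted": encrypted,
        "payloads": seen,
        "cleartext_auth": exposed,  # identity / authentication hash visible on the wire
        "finding": xchg == 4 and bool(exposed),
    }

def build(xchg, flags, payloads):
    """Build a constructed test message from a list of (payload type, body) pairs."""
    body = b""
    for i, (ptype, data) in enumerate(payloads):
        following = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", following, 0, 4 + len(data)) + data
    first = payloads[0][0] if payloads else 0
    return HDR.pack(b"I" * 8, b"R" * 8, first, 0x10, xchg, flags, 0, HDR.size + len(body)) + body

# Constructed samples: an Aggressive Mode responder reply, and an encrypted Main Mode message 5.
AGGRESSIVE = build(4, 0, [(1, b"\0" * 8), (4, b"\0" * 16), (10, b"\0" * 16), (5, b"\0" * 8), (8, b"\0" * 20)])
MAIN_MSG5 = HDR.pack(b"I" * 8, b"R" * 8, 5, 0x10, 2, 0x01, 0, HDR.size + 32) + b"\xaa" * 32

if __name__ == "__main__":
    for name, pkt in (("aggressive", AGGRESSIVE), ("main", MAIN_MSG5)):
        print(name, inspect_ikev1(pkt))
```

In Main Mode the ID and HASH payloads travel in messages 5 and 6 with the encryption flag set, so the same check reports no cleartext authentication material for them.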

anstelios
Collaborator

Can you please direct me to a document describing the configuration for a certificate-based site-to-site VPN with a 3rd party vendor (Fortigate in our case)? It seems I'm not able to find related documentation.

0 Kudos
G_W_Albrecht
Legend

Your question is answered here: sk36968: Cannot establish VPN tunnel with 3rd Party DAIP using Pre-shared Secret

and it gives the statement:

For information about how to configure VPN between Check Point and Cisco DAIP, refer to the "Configuring a VPN with External Security Gateways Using Certificates" in the R80.10 Site To Site VPN Administration Guide

CCSE CCTE CCSM SMB Specialist
0 Kudos