CheckMates
Meshed VPN network with shared secret
Hi
I am trying to get a meshed VPN connection working between my 1340 (R77.20.1) and my central gateway (R80.10). I cannot get the certificate login to work (getting a "Failed Log in"), so I wanted to test using Shared Secret.
Anyone having a guide on how to configure a meshed VPN network with Shared Secret?
In my system I do not have the option to create a shared secret in my R80.10 system. Do I need to perform something before I do this step?
Hi Kristian,
To add a shared secret it is necessary to have participants.
Regards
In addition, the peers must have a fixed IP address to use a pre-shared secret.
If they are configured with Dynamic Address, the gateways MUST authenticate with certificates.
Then I need to go with the certificate solution, because I am going to have DHCP on the WAN interface on some of the GWs.
If both gateways are managed by the same management server, you can't use a pre-shared secret for authentication; the only option is certificates. In your case I believe one of the devices can't reach the management server to validate the certificate. The GWs reach the management server on TCP port 18264. The issue might be that the management server doesn't have a public IP, or, if the management server has a public IP, the 1430 might be trying to reach the private IP of the management server to validate the certificate.
There are a couple of solutions:
- Change the 1430 to be locally managed or managed by a different management server; then you can use a pre-shared key (if the 1430 has a static IP).
- Disable the CRL fetch mechanism in GuiDBedit, globally or per GW, which is not recommended.
- Use a 3rd-party accessible certificate authority.
Thanks
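An added diagnostic (not Check Point's code or the poster's) for the reachability point in this answer: it classifies the management address as private or public and probes TCP/18264, the port the gateway uses for the certificate/CRL check. The probe is injectable so the logic runs offline, and the sample address is constructed.

```python
# Offline-testable diagnostic for the CRL-fetch failure described above:
# the gateway validates the peer's certificate by fetching the CRL from the
# management server (ICA) on TCP port 18264, which fails when the gateway
# only knows a private (RFC 1918) management address it cannot reach.
import ipaddress
import socket

ICA_CRL_PORT = 18264  # port named in the answer above


def classify_address(addr: str) -> str:
    """Return 'private', 'public' or 'invalid' for an IP literal."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    return "private" if ip.is_private else "public"


def tcp_connect(addr: str, port: int, timeout: float = 3.0) -> bool:
    """Real probe: True if a TCP handshake to addr:port completes."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose_crl_fetch(mgmt_addr, port=ICA_CRL_PORT, probe=tcp_connect):
    """Report whether a gateway could reach mgmt_addr:port for the CRL fetch.
    `probe` is injectable so the logic can be exercised without a network."""
    kind = classify_address(mgmt_addr)
    result = {"address": mgmt_addr, "kind": kind, "reachable": False, "hint": ""}
    if kind == "invalid":
        result["hint"] = "not an IP literal; resolve the hostname first"
        return result
    result["reachable"] = probe(mgmt_addr, port)
    if not result["reachable"] and kind == "private":
        result["hint"] = ("private management address; a remote gateway needs "
                          "a public IP or NAT mapping for the CRL fetch")
    elif not result["reachable"]:
        result["hint"] = f"public address but TCP/{port} is blocked or not forwarded"
    return result


if __name__ == "__main__":
    # Constructed sample: remote site only knows the private management IP.
    print(diagnose_crl_fetch("10.0.0.5", probe=lambda a, p: False))
```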
