- Products
- Learn
- Local User Groups
- Partners
-
More
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
IDC Spotlight -
Uplevel The SOC
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Has anyone done a site to site VPN between a Check Point (DC) and Cradlepoint (remote) appliance? If so, I was just looking for feedback, steps taken, and things to look out for. Even better if it was accomplished using a dynamic IP on the Cradlepoint end.
Take a look at this sk, it might help you:
sk53980: How to set up a Site-to-Site VPN with a 3rd-party remote gateway
sk108600: VPN Site-to-Site with 3rd party
Take a look at this sk, it might help you:
sk53980: How to set up a Site-to-Site VPN with a 3rd-party remote gateway
sk108600: VPN Site-to-Site with 3rd party
Thanks, that is helpful! The remote side will need to be a dynamic external IP. I seem to recall reading somewhere that you have to do a cert instead of a PSK for dynamic. Is that the case, and any input on how to do that?
You are correct, for a dynamic peer a cert is required along with the use of 3 packet Aggressive Mode instead of the more commonly-used 6 packet Main Mode exchange for IKEv1. Can't recall ever doing a dynamic peer VPN with IKEv2 but it may be more flexible in this case, although interoperability between different vendors using IKEv2 is still a bit spotty right now. See the following SK for links to an example configuration:
sk36968 - S2S VPN between Check Point Security gateway and Cisco DAIP
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY