This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kevin_Orrison
Collaborator
‎2020-07-17 02:59 PM
Jump to solution

Site to Site VPN between Check Point and Cradlepoint

Has anyone done a site to site VPN between a Check Point (DC) and Cradlepoint (remote) appliance? If so, I was just looking for feedback, steps taken, and things to look out for. Even better if it was accomplished using a dynamic IP on the Cradlepoint end.

0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion
Champion
‎2020-07-17 10:03 PM
Jump to solution

Hi @Kevin_Orrison

Take a look at this sk, it might help you:

sk53980: How to set up a Site-to-Site VPN with a 3rd-party remote gateway
sk108600: VPN Site-to-Site with 3rd party


➜ CCSM Elite, CCME, CCTE

View solution in original post

3 Replies
HeikoAnkenbrand
Champion
Champion
‎2020-07-17 10:03 PM
Jump to solution

Hi @Kevin_Orrison

Take a look at this sk, it might help you:

sk53980: How to set up a Site-to-Site VPN with a 3rd-party remote gateway
sk108600: VPN Site-to-Site with 3rd party


➜ CCSM Elite, CCME, CCTE
Kevin_Orrison
Collaborator
‎2020-07-20 08:54 AM
In response to HeikoAnkenbrand
Jump to solution

Thanks, that is helpful! The remote side will need to be a dynamic external IP. I seem to recall reading somewhere that you have to do a cert instead of a PSK for dynamic. Is that the case, and any input on how to do that?

0 Kudos
Timothy_Hall
Champion
Champion
‎2020-07-20 10:56 AM
In response to Kevin_Orrison
Jump to solution

You are correct, for a dynamic peer a cert is required along with the use of 3 packet Aggressive Mode instead of the more commonly-used 6 packet Main Mode exchange for IKEv1.  Can't recall ever doing a dynamic peer VPN with IKEv2 but it may be more flexible in this case, although interoperability between different vendors using IKEv2 is still a bit spotty right now.  See the following SK for links to an example configuration:

sk36968 - S2S VPN between Check Point Security gateway and Cisco DAIP

 

Watch My 2023 CPX360 Speech Titled "Max Power
Reloaded: R81+ Gateway Performance Innovations"
0 Kudos