This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Kevin_Orrison
Contributor
‎2020-07-17 02:59 PM

Site to Site VPN between Check Point and Cradlepoint

Jump to solution

Has anyone done a site to site VPN between a Check Point (DC) and Cradlepoint (remote) appliance? If so, I was just looking for feedback, steps taken, and things to look out for. Even better if it was accomplished using a dynamic IP on the Cradlepoint end.

0 Kudos
Reply
1 Solution

Accepted Solutions
3 Replies
Kevin_Orrison
Contributor
‎2020-07-20 08:54 AM
In response to HeikoAnkenbrand

Jump to solution

Thanks, that is helpful! The remote side will need to be a dynamic external IP. I seem to recall reading somewhere that you have to do a cert instead of a PSK for dynamic. Is that the case, and any input on how to do that?

0 Kudos
Reply
Timothy_Hall
Champion
Champion
‎2020-07-20 10:56 AM
In response to Kevin_Orrison

Jump to solution

You are correct, for a dynamic peer a cert is required along with the use of 3 packet Aggressive Mode instead of the more commonly-used 6 packet Main Mode exchange for IKEv1.  Can't recall ever doing a dynamic peer VPN with IKEv2 but it may be more flexible in this case, although interoperability between different vendors using IKEv2 is still a bit spotty right now.  See the following SK for links to an example configuration:

sk36968 - S2S VPN between Check Point Security gateway and Cisco DAIP

 

Gaia 3.10 Immersion Self-paced Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Reply