Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Kevin_Orrison
Collaborator
Jump to solution

Site to Site VPN between Check Point and Cradlepoint

Has anyone done a site to site VPN between a Check Point (DC) and Cradlepoint (remote) appliance? If so, I was just looking for feedback, steps taken, and things to look out for. Even better if it was accomplished using a dynamic IP on the Cradlepoint end.

0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion
3 Replies
HeikoAnkenbrand
Champion Champion
Champion

Hi @Kevin_Orrison

Take a look at this sk, it might help you:

sk53980: How to set up a Site-to-Site VPN with a 3rd-party remote gateway
sk108600: VPN Site-to-Site with 3rd party

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Kevin_Orrison
Collaborator

Thanks, that is helpful! The remote side will need to be a dynamic external IP. I seem to recall reading somewhere that you have to do a cert instead of a PSK for dynamic. Is that the case, and any input on how to do that?

0 Kudos
Timothy_Hall
Legend Legend
Legend

You are correct, for a dynamic peer a cert is required along with the use of 3 packet Aggressive Mode instead of the more commonly-used 6 packet Main Mode exchange for IKEv1.  Can't recall ever doing a dynamic peer VPN with IKEv2 but it may be more flexible in this case, although interoperability between different vendors using IKEv2 is still a bit spotty right now.  See the following SK for links to an example configuration:

sk36968 - S2S VPN between Check Point Security gateway and Cisco DAIP

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events