This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kevin_Orrison
Collaborator
‎2020-07-17 02:59 PM
Jump to solution

Site to Site VPN between Check Point and Cradlepoint

Has anyone done a site to site VPN between a Check Point (DC) and Cradlepoint (remote) appliance? If so, I was just looking for feedback, steps taken, and things to look out for. Even better if it was accomplished using a dynamic IP on the Cradlepoint end.

0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion
‎2020-07-17 10:03 PM
Jump to solution

Hi @Kevin_Orrison

Take a look at this sk, it might help you:

sk53980: How to set up a Site-to-Site VPN with a 3rd-party remote gateway
sk108600: VPN Site-to-Site with 3rd party

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

3 Replies
HeikoAnkenbrand
Champion Champion
Champion
‎2020-07-17 10:03 PM
Jump to solution

Hi @Kevin_Orrison

Take a look at this sk, it might help you:

sk53980: How to set up a Site-to-Site VPN with a 3rd-party remote gateway
sk108600: VPN Site-to-Site with 3rd party

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Kevin_Orrison
Collaborator
‎2020-07-20 08:54 AM
In response to HeikoAnkenbrand
Jump to solution

Thanks, that is helpful! The remote side will need to be a dynamic external IP. I seem to recall reading somewhere that you have to do a cert instead of a PSK for dynamic. Is that the case, and any input on how to do that?

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2020-07-20 10:56 AM
In response to Kevin_Orrison
Jump to solution

You are correct, for a dynamic peer a cert is required along with the use of 3 packet Aggressive Mode instead of the more commonly-used 6 packet Main Mode exchange for IKEv1.  Can't recall ever doing a dynamic peer VPN with IKEv2 but it may be more flexible in this case, although interoperability between different vendors using IKEv2 is still a bit spotty right now.  See the following SK for links to an example configuration:

sk36968 - S2S VPN between Check Point Security gateway and Cisco DAIP

 

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events