This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Pavan_Kumar
Contributor
‎2023-11-14 08:18 AM
Jump to solution

Site to Site VPN with 3rd party DAIP Gateway(Strongswan IPSec in Ubuntu) with RSA Auth

I have tested the site to site vpn between checkpoint and DAIP gateway(Strongswan ipsec in Ubuntu) with RSA auth in lab and able to bring the tunnel up.

During the testing I encountered below issue on Strongswan ipsec side,

  • Checkpoint is sending MM packet 6, but Strongswan ipsec is dropping with error “no trusted RSA public key found for <ip address>”.
  • The Strongswan ipsec is expecting the peer identity(peer IP in my case) to be present on checkpoint certificate's Subject Alternate Name.
  • The checkpoint default certificate will have CN as hostname and SAN as management IP.
  • I resolved it by creating new certificate with SAN contains identity IP.
  • In checkpoint only one internal_ca signed certificate can be created for IPsec, So to create new certificate I used 3rd party CA.

 

My query is about adding new 3rd party signed certificate on gateway ipsec properties, can it cause any issue to existing vpn? As per my understanding it should not cause negative impact. Please clarify whether my understanding is correct or wrong.

 

0 Kudos
1 Solution

Accepted Solutions
3 Replies
Pavan_Kumar
Contributor
‎2023-11-14 09:36 PM
In response to PhoneBoy
Jump to solution

Thanks for clearing my doubt..

0 Kudos
Kalloww00
Explorer
‎2024-01-09 09:10 AM
Jump to solution

Can you help me with your configuration settings? I'm trying but with no success.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top