cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1895
Views
0
Helpful
3
Replies
Beginner

Site to site VPN between cisco asa 5550 and checkpoint r75

Hi all ,

below is cisco asa config for our customer end:

crypto ipsec transform-set chello-transform esp-aes-256 esp-sha-hmac

crypto ipsec security-association lifetime seconds 3600

crypto ipsec security-association lifetime kilobytes 4608000

crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400

What should i configure on checkpoint for first phase and second phase ?

Regards,

Suhail

3 REPLIES 3
Enthusiast

Site to site VPN between cisco asa 5550 and checkpoint r75

In checkpoint VPN community, default setting for phase 1 is 86400 seconds so you're good there.  Phase II default is 28,800 so  you need to edit the parameter and change it to 3600.  the rest is the same as cisco with the exception of the lifetime in kilobytes which CP does not have

Easy right?

Highlighted
Beginner

Site to site VPN between cisco asa 5550 and checkpoint r75

its already set to 3600 by default , all i need to know is what shall i use in phase 1 : sha 1 , sha6 , 3des , aes 256

what shall i use in phase 2: sha 1 , sha6 , 3des , aes 256

Regards,

Suhail

Enthusiast

Site to site VPN between cisco asa 5550 and checkpoint r75

both sides need to be identical.  Whatever you set on the Cisco side, you do the same thing on Checkpoint R75 in the VPN community section