VPN tunnel between ASA5520 and Check Point

SERGIO L · ‎11-04-2010

I’ve been tasked to establish a VPN tunnel between our ASA5520 and another merging company with a Check Point on Nokia platform. I’ve got a list of IKE and IPSEC parameters from the Check Point unit and it’s external IP Address. There’s also a pre-shared key that I need to share. Another requirement is that since both companies have similar subnets, I would have to NAT all traffic over this tunnel.

My question is what do I need to configure on my ASA5520 to get this VPN tunnel established and how do I confirm that my portion is functional? Is there documentation that Cisco can provide as a reference?

Federico Coto Fajardo · ‎11-04-2010

Hi,

You can access ASDM and following the IPsec Site-to-Site VPN which will guide you ste-by-step to configure the tunnel.

Or you can always use the CLI.

Here's a guide:

http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080a9a7a3.shtml

Federico.

SERGIO L · ‎11-04-2010

I need to NAT my host 10.10.1.25 to 10.90.7.25. How do I do this?

Federico Coto Fajardo · ‎11-04-2010

Hi,

Normally you don't NAT the VPN traffic, but if you need to NAT you do the following:

access-list NAT permit ip host 10.10.1.25 REMOTE_LAN

static (inside,outside) 10.90.7.25 access-list NAT

access-list VPN permit ip host 10.90.7.24 REMOTE_LAN

The above configuration uses Policy NAT to translate the internal 10.10.1.25 to 10.90.7.25 when going to REMOTE_LAN

Federico.