03-20-2001 06:09 AM - edited 02-21-2020 11:18 AM
Hello All,
I am trying to get a PIX515 and Checkpoint Firewall 1.0 to talk to each other through IPSEC, using DES, SHA and a pre-shared key. Anyone ever done this before? I am having problems even with the key, since Checkpoint takes hex values for the key and PIX takes a normal key. Any tips?
Thanks in Advance.
03-23-2001 10:58 AM
It makes it a little harder using two different vendors. I've always found using the same vendor in the long run is a better idea. I'd suggest conferencing both Cisco and Checkpoint to help get the issue resolved. I've never had any problems with Cisco because of their open architecture technology but I'm not sure about Checkpoint.
03-23-2001 01:43 PM
I suppose you wanted a Tunnel mode VPN connection between the two firewalls. I don't know much about PIX but on Checkpoint, the "Tunnel mode" terminology is not used. Instead you need to make sure the "Support Keys exchange for subnets" box is checked under the Workstation Properties for both the CheckPoint and PIX network objects. This is the trick in letting CheckPoint know that Tunnel Mode VPN is enabled.
I thought CheckPoint uses clear text as the shared secret key; I remember an IBM firewall uses HEX for the shared secret key. If it does ask for hex, then it will just be the HEX representation of the ASCII shared secret text.
John Luk.
04-06-2001 07:20 AM
There is an example on Checkpoint's website:
http://support.checkpoint.com/kb/docs/public/firewall1/4_1/pdf/pixvpn.pdf
It should solve your problem...
04-06-2001 08:22 AM
Unfortunately, many have tried the example on chpt's site. With it, the tunnel will drop anytime a change is made to either firewall, along with a few other "issues".
To be honest, the one on Cisco's site is a little better, but still has issues. If you have a fairly simple Checkpoint config, the one on CCO will work well. If your chpt config is more complex you will probably run into problems.
Alex
(Been there, done that too many times... I HATE CHPT)