Firewall-1

[FW-1] PIX Configuration

Subject: [FW-1] PIX Configuration
From: Oscar Aviles Sandoval <oaviles AT SECURESOFT.COM DOT PE>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 21 Apr 2004 12:46:10 -0500
This is an example between a PIX and a Check Point FW.
For example:
PIX 6.3.3
Check Point 4.1 or NG
 
Pix Side
 
PIX Firewall
10.10.10.1 (Internal)
200.200.200.2 (External)
 
Host behind the PIX
10.10.10.3 and with NAT  200.200.200.3 
 
Check Point Side
 
Check Point Firewall
210.210.210.2 (External)
192.168.10.1 (Internal)
 
Host behind the Check Point
192.168.10.3 and with NAT 210.210.210.3
 
 
Schema
 
The VPN uses the following parameters:
3DES. MD5 (for both phases)
EXAMPLE_OF_SECRET (Preshared Secret)
The host 210.210.210.3 wants to communicate with the host 200.200.200.3
 
THIS IS THE CONFIGURATION ON THE PIX SIDE, 
 
##NAT for the Internal IP##
 
static (inside,outside) 200.200.200.3 10.10.10.3 netmask 255.255.255.255 0 0

access-list Test_Access_List permit ip host 200.200.200.3 host 210.210.210.3
sysopt connection permit-ipsec
 
##### PHASE 2 #####
##Define the encryption set, in this case 3DES and MD5##
 
crypto ipsec transform-set pixset esp-3des esp-md5-hmac
 
crypto map testmap 10 ipsec-isakmp
crypto map testmap 10 match address Test_Access_List
crypto map testmap 10 set peer 210.210.210.2
crypto map testmap 10 set transform-set pixset
crypto map testmap interface outside
 
#####PHASE 1 ######
 
isakmp enable outside
isakmp key EXAMPLE_OF_SECRET address 210.210.210.2 netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
 
 
On the Check Point side, you know, this is very simple.
 
 

Ing. Oscar Aviles Sandoval

Director Gerente 


Secure Soft S.A.C.


oaviles AT securesoft.com DOT pe

Paseo de la Castellana 631 

Oficina 101

Santiago de Surco

Lima – Perú

(511) 99111867
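
An added example, not part of the original post: a small pre-deployment check that every name the crypto map refers to (access list, transform set, peer key, interface) is actually defined, which is what a single typo in the commands above silently breaks. The names FIXED, AS_POSTED, is_ip and audit are this example's own, and it only understands the command forms used in the post.

```python
import ipaddress

# Constructed input: commands from the post, with its two typos corrected.
FIXED = """\
access-list Test_Access_List permit ip host 200.200.200.3 host 210.210.210.3
crypto ipsec transform-set pixset esp-3des esp-md5-hmac
crypto map testmap 10 match address Test_Access_List
crypto map testmap 10 set peer 210.210.210.2
crypto map testmap 10 set transform-set pixset
crypto map testmap interface outside
isakmp enable outside
isakmp key EXAMPLE_OF_SECRET address 210.210.210.2 netmask 255.255.255.255
"""
# The same lines with the post's typos ("hots", "keyEXAMPLE_OF_SECRET") put back.
AS_POSTED = FIXED.replace("host 210", "hots 210").replace("key EXAMPLE", "keyEXAMPLE")

def is_ip(text):
    try:
        return bool(ipaddress.IPv4Address(text))
    except ValueError:
        return False

def audit(config):
    """Return the cross-reference problems that would keep the tunnel down."""
    cmds = [line.split() for line in config.splitlines() if line.strip()]
    problems, acls, tsets, keyed, enabled = [], set(), set(), set(), set()
    for w in cmds:  # pass 1: collect what the config defines
        if w[0] == "access-list" and len(w) > 1:
            acls.add(w[1])  # the name exists even when the entry is malformed
            if not (len(w) == 8 and w[2:5] == ["permit", "ip", "host"]
                    and w[6] == "host" and is_ip(w[5]) and is_ip(w[7])):
                problems.append("malformed access-list: " + " ".join(w))
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 4:
            tsets.add(w[3])
        elif w[:2] == ["isakmp", "key"] and len(w) > 4 and w[3] == "address":
            keyed.add(w[4])
        elif w[:2] == ["isakmp", "enable"] and len(w) == 3:
            enabled.add(w[2])
    # pass 2: every crypto map reference must resolve to something defined
    for w in (c for c in cmds if c[:2] == ["crypto", "map"]):
        if w[3:4] == ["interface"] and len(w) == 5 and w[4] not in enabled:
            problems.append("isakmp not enabled on interface " + w[4])
        elif w[4:6] == ["match", "address"] and len(w) == 7 and w[6] not in acls:
            problems.append("undefined access-list " + w[6])
        elif w[4:6] == ["set", "transform-set"] and len(w) == 7 and w[6] not in tsets:
            problems.append("undefined transform-set " + w[6])
        elif w[4:6] == ["set", "peer"] and len(w) == 7 and w[6] not in keyed:
            problems.append("no isakmp key for peer " + w[6])
    return problems
```

Calling audit(AS_POSTED) reports the malformed access list and the missing key for peer 210.210.210.2; audit(FIXED) returns an empty list.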

