Hi,
I have no doc, but I have set up a VPN tunnel between a Watchguard VCLASS and a
Checkpoint NG AI R54, and I know very well the Watchguard's device.
Are you in traditional mode or in Simplified mode ?
For the watchguard, in Policy Manager :
Network / Branch Office VPN / Manual IPSEC
Create a new Gateway for your CheckPoint, with a shared-key for authentication.
Use this gateway for create a new Tunnel.
And define the IPSEC route :
Watchguard Internal LAN to CheckPoint Internal LAN with the new tunnel
In Checkpoint SmartDashboard (in simplified mode):
Create a interroperable device with the Public IP of Watchguard,
Create a new VPN community and insert in your Watchguard object and your
Checkpoint gateway object, and define VPN parameters and pre-shared key.
Be sure to use the same parameters for VPN setting.
The VPN setting for Watchguard are defined in the tunnel and Gateway parameters.
The VPN setting for Checkpoint are defined in the Community parameters.
Your "VPN domain" have to be correctly defined.
Watchguard default VPN parameters are
Phase 1 :
SHA1-HMAC / DH groupe 1 / Encryption DES / Negociation time-out : 24 hour /
Main mode
Phase 2 :
ESP / SHA1-HMAC for authentication/ 3DES encryption / KEy expiration : 8192 Kb
or 24 hours
Best regards,
Gildas
-----Message d'origine-----
De : Naseer Inamdar [mailto:INAMDAR.NASEER AT MAHINDRA DOT COM]
Envoyé : jeudi 26 août 2004 8:56
À : FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Objet : [FW-1] Site to Site VPN using Checkpoint NG AI and Watchgaurd
700x
Hi,
I have to set up a VPN between a R55 NG AI running on Secure Platform and a
Watchgurard 700x firewall. Has anybody configured this, if so I would like
somebody to provide help in terms of documentation for configuring the same.
I have already configure VPN communities on checkpoint firewall with
preshared secret which was provided by the other end. However I am not able
to trace any kind of connectivity between both. Also there are no firewall
logs related to this.
Kindly reply with details if somebody has already done this earlier.
Thanks a tonne
Cheers
Naseer.Inamdar
---DISCLAIMER-------------------------------------------------
The contents of this E-mail (including the contents of the
enclosure/(s) or attachment/(s) if any) are privileged and
confidential material of Mahindra and Mahindra Limited (M&M)
and should not be disclosed to, used by or copied in any
manner by anyone other than the intended addressee/(s). If
this E-mail (including the enclosure/(s) or attachment/(s)
if any ) has been received in error, please advise the
sender immediately and delete it from your system. The views
expressed in this E-mail message (including the enclosure/(s)
or attachment/(s) if any) are those of the individual sender.
--------------------------------------------------------------
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
