From: Dogbert on
Hi everyone,

I don't know if this is the best ng to place my question.

I'm having trouble creating a VPN tunnel between my Checkpoint NG R56 cluster
and a pfsense box.

I successfully created a tunnel in the reverse direction, e.g. a client behind
pfsense can connect via IPSEC tunnel to a client protected by checkpoint. I
still have a problem the other way around.

Both firewalls have been configured with 3DES and MD5 for both phase 1 and 2 and
PFS (perfect forward secrecy) and the same shared secret (obviously).
I've successfully created the same scenario with a SmoothWall box with
Openswan patch and vpnpack.

Does anyone have any idea?

Thanks
Riccardo

--
--------------------------------------------------------
- Remove NO SPAM to reply to me directly -
--------------------------------------------------------
- http://dogbert.altervista.org/ -
--------------------------------------------------------
- -
- Monsieur Perrier: "What do you think?" -
- MrWong: "Me perplexed." -
- Alce: "I AM perplexed... a verb is needed -
- once in a while.... you are driving me -
- to MADNESS !!!!!! -
- -
--------------------------------------------------------
From: Alessandro Perilli on
Hi Riccardo,
first of all, something is strange: the latest Check Point NG version is R55W.
R56 is just for SecureClient.

Anyway, to successfully troubleshoot this environment I should see the
Check Point SmartView Tracker logs and pfSense IPSec logs.

Can you provide a couple of screenshots?


Alessandro Perilli, CISSP, MVP
http://www.alessandroperilli.com
http://www.securityzero.com
http://www.virtualization.info

From: Alessandro Perilli on
Riccardo,
I have a strong suspicion that the Check Point object for the pfSense network
has the wrong subnet mask. Or something like that.
The declared Check Point error is not necessarily helpful or related to
the real problem.

I could say it for sure just by looking at the Check Point screenshot for
the Main Mode packet, without any privacy masking. If you prefer, send me a
direct mail with the screenshot.


Regards

Alessandro Perilli, CISSP, MVP
http://www.alessandroperilli.com
http://www.securityzero.com
http://www.virtualization.info