[VPN] Re: Checkpoint VPN
Sajid Fiaz <sajidfiaz <at> gmail.com> writes:
> I wanted to set up a Site to Site VPN with Checkpoint Firewall-1 NG FP-3
> and ISA Server 2004. Can some of you tell me where I can find the
> exact information about that?
> 2nd is that I wanted to allow my clients to dial VPN connections from
> their machines while they are behind Checkpoint Firewall (NAT
> Clients). I cannot find any useful information about this.
You have to add the gateway on the Checkpoint as an Interoperable Device.
The easiest way to establish dial VPN connections is using PPTP or L2TP. Allow
PPTP (TCP 1723) in both directions on the Checkpoint, and also allow UDP 500, ESP,
AH, GRE and UDP 4500. Also, set up xAuth using LDAP, Kerberos or RADIUS. The
LOCAL db for Checkpoint NG is limited.
Also make sure that the dial VPN clients behind your Checkpoint are NAT'd
behind the public interface and not a DIP pool. Otherwise they will have
problems connecting over PPTP.
VPN mailing list