ASA to Checkpoint

Unanswered Question
Oct 1st, 2007
User Badges:

Hi there, we have an ASA 5510 and have a VPN to a 3rd party who use a Checkpoint R62 Secure Platform with 4.1 Nokia IPSO and there are a few problems with the VPN establishment.


We know there are lifetime differences and have set according the 3rd parties specifications, we have had issues in the past with Checkpoint devices but with this one we quite often see the tunnel come up, traffic passes from our network to their with response back but they cannot access our network.


Are there any Cisco documents about compatability issues or similar? In terms of config changes we are pretty certain ours is fine as the VPN eventually stabilises and they can send traffic too so the lifetimes and all other authentication and encryption should be ok.


TIA!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
diccondupre Mon, 10/01/2007 - 07:14
User Badges:

Thanks for the link Dandy, our side of the config is basically the same with obvious changes for being ASA, as far as their side they are a financial house and are unwilling to offer any information to us. I will re-query them but if anyone else has any useful information that would be cool.

johnnylingo Sat, 01/19/2008 - 15:29
User Badges:
  • Bronze, 100 points or more

Just wanted to reiterate this...key word here is *exactly*. We tried this last week and found out that if the Checkpoint is set to summarize some subets (for example 192.168.0.0/23) and the ASA is set for 192.168.0.0/24 and 192.168.1.0/24, the tunnel will come up and work for a couple hours before dropping and not coming back. Having them exactly the same on both ends fixed everything.

Actions

This Discussion