IPSEC tunnel between PIX515 and CheckPoint Firewall 1.0

srajapakse
Level 1

Hello All,

I am trying to get a PIX515 and Checkpoint Firewall 1.0 to talk to each other through IPSEC, using DES, SHA and a pre-shared key. Anyone ever done this before? I am having problems even with the key, since Checkpoint takes hex values for the key and PIX takes a normal key. Any tips?

Thanks in Advance.

4 Replies

thomas.chen
Level 6

It makes it a little harder using two different vendors. I’ve always found using the same vendor in the long run is a better idea. I’d suggest conferencing both Cisco and Checkpoint to help get the issue resolved. I’ve never had any problems with Cisco because of their open architecture technology but I’m not sure about Checkpoint.

joluk
Level 1

I suppose you wanted a Tunnel mode VPN connection between the two firewalls. I don't know much about PIX but on Checkpoint, the "Tunnel mode" terminology is not used. Instead you need to make sure the "Support Keys exchange for subnets" box is checked under the Workstation Properties for both the CheckPoint and PIX network objects. This is the trick in letting CheckPoint know that Tunnel Mode VPN is enabled.

I thought CheckPoint uses clear text as the shared secret key; I remember an IBM firewall uses HEX for the shared secret key. If it does ask for hex then it will just be the HEX representation of the ASCII shared secret text.

John Luk.

rrednet
Level 1

There is an example on Checkpoint's website:

http://support.checkpoint.com/kb/docs/public/firewall1/4_1/pdf/pixvpn.pdf

It should solve your problem...

Unfortunately, many have tried the example on chpt's site. With it, the tunnel will drop anytime a change is made to either firewall, along with a few other "issues".

To be honest, the one on Cisco's site is a little better, but still has issues. If you have a fairly simple Checkpoint config, the one on CCO will work well. If your chpt config is more complex you will probably run into problems.

Alex

(Been there, done that too many times... I HATE CHPT)
