Cisco Support Community
Community Member

VPN tunnel between ASA5520 and Check Point

I’ve been tasked to establish a VPN tunnel between our ASA5520 and another merging company with a Check Point on Nokia platform. I’ve got a list of IKE and IPSEC parameters from the Check Point unit and its external IP address. There’s also a pre-shared key that I need to share. Another requirement is that since both companies have similar subnets, I would have to NAT all traffic over this tunnel.

My question is what do I need to configure on my ASA5520 to get this VPN tunnel established and how do I confirm that my portion is functional? Is there documentation that Cisco can provide as a reference?

3 REPLIES

Re: VPN tunnel between ASA5520 and Check Point

Hi,

You can access ASDM and follow the IPsec Site-to-Site VPN, which will guide you step-by-step to configure the tunnel.

Or you can always use the CLI.

Here's a guide:

http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080a9a7a3.shtml

Federico.

Community Member

Re: VPN tunnel between ASA5520 and Check Point

I need to NAT my host 10.10.1.25 to 10.90.7.25. How do I do this?

Re: VPN tunnel between ASA5520 and Check Point

Hi,

Normally you don't NAT the VPN traffic, but if you need to NAT you do the following:

access-list NAT permit ip host 10.10.1.25 REMOTE_LAN

static (inside,outside) 10.90.7.25 access-list NAT

access-list VPN permit ip host 10.90.7.25 REMOTE_LAN

The above configuration uses Policy NAT to translate the internal 10.10.1.25 to 10.90.7.25 when going to REMOTE_LAN.

Federico.
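
The policy NAT and crypto ACL from the reply above, modelled in Python as an added example (not part of the original thread and not ASA code). It shows that the VPN access list has to match the translated source 10.90.7.25, because the translation is applied before the crypto ACL is checked. The REMOTE_LAN prefix 192.0.2.0/24 and all function names are assumptions made for the illustration.

```python
import ipaddress

# Assumed placeholder: the thread never gives REMOTE_LAN's real prefix.
REMOTE_LAN = ipaddress.ip_network("192.0.2.0/24")
REAL_HOST = ipaddress.ip_address("10.10.1.25")    # inside host, from the thread
MAPPED_HOST = ipaddress.ip_address("10.90.7.25")  # translated address, from the thread


def policy_nat(src, dst):
    """Policy static NAT: translate the source only when the flow matches
    'access-list NAT' (host 10.10.1.25 -> REMOTE_LAN)."""
    if src == REAL_HOST and dst in REMOTE_LAN:
        return MAPPED_HOST
    return src


def crypto_acl_match(src, dst, acl_host):
    """'access-list VPN': permit ip host <acl_host> REMOTE_LAN."""
    return src == acl_host and dst in REMOTE_LAN


def selected_for_tunnel(src, dst, acl_host=MAPPED_HOST):
    """Outbound order modelled here: NAT first, then the crypto ACL is
    evaluated against the translated source."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    return crypto_acl_match(policy_nat(src, dst), dst, acl_host)


if __name__ == "__main__":
    # Constructed sample flows (source, destination).
    flows = [
        ("10.10.1.25", "192.0.2.10"),    # the NATed host to the remote LAN
        ("10.10.1.26", "192.0.2.10"),    # another inside host, no NAT rule
        ("10.10.1.25", "198.51.100.7"),  # same host, outside REMOTE_LAN
    ]
    for s, d in flows:
        print(f"{s} -> {d}: tunnel={selected_for_tunnel(s, d)}")
    # A crypto ACL written against the real (pre-NAT) address never matches.
    print("ACL on real address:",
          selected_for_tunnel("10.10.1.25", "192.0.2.10", acl_host=REAL_HOST))
```
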
