How To Setup a Site-to-Site VPN with Cisco Remote Gateway


How To Setup a Site-to-Site VPN with Cisco Remote Gateway
26 April 2011

© 2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Important Information

Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation
The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?id=11892
For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).

Revision History
Date            Description
26 April 2011   First release of this document

Feedback
Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=feedback on How To Setup a Site-to-Site VPN with Cisco Remote Gateway ).

Contents
Important Information
VPN Setup
    Configuring the Cisco Gateway Object
    VPN Community Setup
    VPN Community Configuration
    Defining the VPN Domain
    VPN Domain Configuration
Rules for Traffic
    Setting a Rule
    Setting VPN Community in the Rule
Final Step

VPN Setup

Configuring the Cisco Gateway Object

To create the Cisco Gateway Object:
1. Right-click Network Objects > New > Others > Interoperable Device.
2. In the General Properties dialog box, enter a Name for the Gateway, IP address and description (optional).
   Note - Use the external routable IP address of the Cisco peer for the IP.
3. Click OK.

VPN Community Setup

1. Select the IPSec VPN tab.
2. Right-click in the open area on the top panel. Select New Community > Star.

VPN Community Configuration

To configure the VPN:
1. Name the VPN Community.
2. Click Center Gateways.
3. Click Add.
4. Select the local Check Point Security Gateway object.

5. Click OK.
6. Click Satellite Gateways.
7. Click Add.
8. Select the previously named Cisco peer gateway object.

9. Click OK.
10. Click VPN Properties.
    Note - You can change the Phase 1 and Phase 2 properties here. Note the values you select, because the peer will need to match these values.

You can define the Tunnel setup in the Tunnel Management option. One VPN tunnel per subnet pair is the recommended tunnel sharing method. This shares your network on either side of the VPN, makes the phase 2 negotiation easier, and requires fewer tunnels to be built for the VPN.

You can restrict access on the VPN through your security rulebase.

Note - Permanent tunnels can only be configured between Check Point gateways.

To Configure VPN Tunnel:
1. Click Tunnel Management to configure the tunnel.

To Configure the Shared Secrets:
1. Click Advanced Settings.
2. Click Shared Secret.
3. Select Use only Shared Secret for all External members.
4. Select your peer gateway in the list.
5. Click Edit to edit the shared secret.
   Note - Remember this secret because your peer will need it to set up the VPN on the other end.

To Modify Phase 1 and Phase 2 Advanced Settings:
1. Click Advanced VPN Properties. Keep note of these values.
   Note - It is recommended that you select Disable NAT inside the VPN community to access resources behind your peer gateway using their real IP addresses and vice versa.

2. Click OK to exit back to the SmartDashboard.
   Note - You may see the following message: "At least one of the VPN Community members does not have the VPN domain defined. Are you sure you want to continue?"
3. Click Yes to view your defined VPN community.

Defining the VPN Domain

Make sure you have Network Objects to represent the local networks and the Cisco peer networks that will be sharing with you.

To Define the VPN Domain:
1. Right-click Networks.
2. Select Network.

In the Network Properties window, enter the properties of the Cisco peer internal network.

When many networks are shared on either end of the tunnel, it is recommended to create different groups to represent the domains on either side of the VPN tunnel.

To create a Group:
1. Right-click Groups.
2. Select Groups > Simple Group.

This example shows one shared network, and there is one object in the group. There is no limit to the number of networks that can be shared.

Important - Adding groups within a group can impact network performance. Make sure the group is "flat".

We recommend that the name of the group is relevant to the network setup, for example: "Local_VPN_Domain". Add all local networks for the VPN, to create the group that represents the Cisco peer shared network.
3. Click OK.

4. Adding a second group:

VPN Domain Configuration

Setting the VPN domains for each gateway:
1. Open the Properties for your local Check Point gateway object.
2. Click Topology in the VPN Domain area.
3. Select Manually defined.

4. From the list, select <local VPN domain group object>.
5. Click OK and open the Properties for the Cisco gateway.
6. Select the group/network that represents the VPN domain.
7. Click OK.
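Before installing policy, the two VPN domains can be checked offline against the guide's recommendations (flat groups, one tunnel per subnet pair, NAT disabled inside the community). The following Python sketch is an added example, not part of the Check Point guide: the networks are constructed sample values, a nested list stands in for a group placed inside a group, and the names flatten and review_domains are hypothetical.

```python
import ipaddress
from itertools import product

# Constructed sample VPN domains (assumptions, not values from the guide).
# A nested list models a group placed inside a group.
LOCAL_VPN_DOMAIN = ["10.1.0.0/24", "10.1.1.0/24", ["10.1.8.0/22"]]
PEER_VPN_DOMAIN = ["192.168.50.0/24", "10.1.1.128/25"]


def flatten(group, depth=0):
    """Return (networks, deepest nesting level) for a possibly nested group."""
    nets, deepest = [], depth
    for member in group:
        if isinstance(member, list):
            sub_nets, sub_depth = flatten(member, depth + 1)
            nets.extend(sub_nets)
            deepest = max(deepest, sub_depth)
        else:
            # strict=True rejects entries with host bits set, e.g. 10.1.1.5/24
            nets.append(ipaddress.ip_network(member, strict=True))
    return nets, deepest


def review_domains(local_group, peer_group):
    """Return (findings, subnet_pairs) for the two VPN domains."""
    local, local_depth = flatten(local_group)
    peer, peer_depth = flatten(peer_group)
    findings = []
    if local_depth or peer_depth:
        findings.append("nested group: make the VPN domain group flat")
    pairs = []
    for loc, rem in product(local, peer):
        if loc.overlaps(rem):
            # With NAT disabled in the community both sides use real
            # addresses, so an address in both domains is ambiguous.
            findings.append(f"overlap: local {loc} and peer {rem}")
        else:
            # One tunnel per subnet pair: the peer must mirror this pair.
            pairs.append((str(loc), str(rem)))
    return findings, pairs


if __name__ == "__main__":
    findings, pairs = review_domains(LOCAL_VPN_DOMAIN, PEER_VPN_DOMAIN)
    for finding in findings:
        print("WARN", finding)
    for loc, rem in pairs:
        print(f"local {loc} <-> peer {rem}")
```

The resulting pair list is what the administrator of the Cisco peer needs in order to define matching traffic selectors on the other end.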

Rules for Traffic

After you set up the objects, the VPN, and the community, set up Rules to control the flow of traffic, allowing and restricting access to the VPN.

Setting a Rule

To set up a Rule:
1. Right-click above the number in the rule column where you want the rule to be set.
2. Select Add Rule > Below.

In the example below, the Rule allows any service across the tunnel in both directions.

Setting VPN Community in the Rule

To set the VPN community in the VPN column of the Rule:
1. Right-click the Any Traffic icon.
2. Select Edit Cell.
3. Select Only connections encrypted in specific VPN Communities.
4. Click Add.
5. Select the VPN community.
6. Click OK.
7. Click OK again.

The Rule appears in the VPN column.

Final Step

Install the policy to the local Check Point gateway. The VPN is set up! After the Cisco remote side sets up their VPN to match, a secure communication with their site is established.