Establish VPN Tunnel between Cyberoam and Checkpoint using Preshared key

 

Applicable to Version: 9.4.0 build 2 onwards

This article provides a detailed configuration example that demonstrates how to configure a site-to-site IPSec VPN tunnel between a Cyberoam appliance and a Checkpoint Firewall, using a Preshared Key to authenticate the VPN peers.

It is assumed that the reader has a working knowledge of Cyberoam and Checkpoint appliance configuration.

Throughout the article we will use the network parameters as shown in the diagram below.

Checkpoint Configuration

Step 1. Create an interoperable device from Manage > Network Objects > New > Interoperable Device. In the General Properties page, specify the name and IP Address.

Step 2. In the Topology page, define the internal interface of the device, or select “Manually defined” and create a network object. Create a group object if multiple networks are included in the remote encryption domain.

Step 3. In the VPN > Advanced window, verify that “Use Community settings” is selected.

The various encryption options and interface information will be determined by the VPN community for each gateway in the community.

Step 4. On the VPN Manager tab, select VPN community as “My Intranet” or create a new VPN community.

In the Participating Gateways page, add your firewall object (created in step 1) and the peer gateway object to the same VPN community.

Step 5. In the VPN Properties page, check the encryption properties, i.e. the phase 1 and phase 2 encryption and authentication algorithms. They must be the ones used on the peer for the negotiation to complete successfully.

Checkpoint VPN/Firewall-1, by default, uses 3DES and MD5 for phase 1 and AES-128 and MD5 for phase 2.
 

Step 5. In the Tunnel Management page, use the default values.

Step 6. In the Advanced Settings > Shared Secret page, select “Use only Shared Secret for all External members”.

Click the “Edit” button and specify the shared secret (preshared key).

Step 6. In the Advanced Settings > Advanced VPN Properties page, under the NAT tab, select “Disable NAT inside VPN Community”.

Step 6. In the Security Policy, create a rule that allows your network to access the peer network, and install the Security policy.

Cyberoam Configuration

Log on to Cyberoam Web Admin Console and perform the following steps:

Step 7: Create VPN Policy

Go to VPN > Policy > Create Policy and create a VPN policy with the following values:

Policy Name: Cyberoam-Checkpoint
Using Template: None
Keying Method: Automatic
Allow Re-keying: Yes
Key Negotiation Tries: 3
Perfect Forward Secrecy (PFS): Yes 
 
Phase 1
Encryption Algorithm: 3DES
Authentication Algorithm: MD5
DH Group (Key Group): 2 (DH1024)
Key life: 3600 sec
 
Phase 2
Encryption Algorithm: AES128
Authentication Algorithm: MD5
DH Group (Key Group): 2 (DH1024)
Key life: 3600 sec 
 
 
Step 8: Create IPSec connection

Go to VPN > IPSec Connection > Create Connection and create a connection with the following values:

Connection name: Cyberoam to Checkpoint
Policy: Cyberoam-Checkpoint (Created in step 7)
Action on restart: As per your requirement
Mode: Tunnel
Connection Type: Net to Net
Authentication Type: Preshared Key
Preshared Key: As per your requirement

Local server IP address (WAN IP address): 61.95.197.129
Local Internal Network: 192.168.100.0/24
Remote server IP address (WAN IP address): 219.87.151.13
Remote Internal Network: 172.16.16.0/24
User Authentication Mode: Disabled
Protocol: All
 

Step 9: Activate Connection

Go to VPN > IPSec Connection > Manage Connection and click  against the connection.

  Under the Connection status indicates that the connection is successfully activated
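Both peers must agree on the phase 1 and phase 2 settings and mirror each other's WAN addresses and internal networks. The following pre-flight check is an added example, not part of the original article or of either product: the Cyberoam values come from steps 7 and 8, the Checkpoint side is constructed as the mirror image using the defaults stated above, and the `WEAK` set is the editor's own classification of legacy algorithms.

```python
import ipaddress

# Editor's classification of legacy algorithms (assumption, not from the article).
WEAK = {"3DES", "MD5", "DH2"}

def norm(value):
    """Normalize spellings so 'AES-128' and 'AES128' compare equal."""
    return str(value).upper().replace("-", "").replace(" ", "")

def check_tunnel(a, b):
    """Compare two peer definitions; return (mismatches, weak_settings)."""
    mismatches, weak = [], set()
    for phase in ("phase1", "phase2"):
        # Compare only the fields that both sides define.
        for field in sorted(set(a[phase]) & set(b[phase])):
            if norm(a[phase][field]) != norm(b[phase][field]):
                mismatches.append(f"{phase}.{field}: {a[phase][field]} != {b[phase][field]}")
        for peer in (a, b):
            for field, value in peer[phase].items():
                if norm(value) in WEAK:
                    weak.add(f"{phase}.{field}={norm(value)}")
    # Each side's local WAN address and network must be the other side's remote ones.
    for x, y in ((a, b), (b, a)):
        if ipaddress.ip_address(x["local_wan"]) != ipaddress.ip_address(y["remote_wan"]):
            mismatches.append(f"{x['name']} local_wan != {y['name']} remote_wan")
        if ipaddress.ip_network(x["local_net"]) != ipaddress.ip_network(y["remote_net"]):
            mismatches.append(f"{x['name']} local_net != {y['name']} remote_net")
    # Overlapping internal networks make tunnel traffic selection ambiguous.
    if ipaddress.ip_network(a["local_net"]).overlaps(ipaddress.ip_network(a["remote_net"])):
        mismatches.append("local and remote networks overlap")
    return mismatches, sorted(weak)

# Cyberoam side: values from the article (steps 7 and 8).
CYBEROAM = {
    "name": "Cyberoam", "local_wan": "61.95.197.129", "local_net": "192.168.100.0/24",
    "remote_wan": "219.87.151.13", "remote_net": "172.16.16.0/24",
    "phase1": {"encryption": "3DES", "authentication": "MD5", "dh_group": "DH2", "key_life": 3600},
    "phase2": {"encryption": "AES128", "authentication": "MD5", "dh_group": "DH2", "key_life": 3600},
}
# Checkpoint side: constructed mirror image; only the defaults the article states are listed.
CHECKPOINT = {
    "name": "Checkpoint", "local_wan": "219.87.151.13", "local_net": "172.16.16.0/24",
    "remote_wan": "61.95.197.129", "remote_net": "192.168.100.0/24",
    "phase1": {"encryption": "3DES", "authentication": "MD5"},
    "phase2": {"encryption": "AES-128", "authentication": "MD5"},
}

if __name__ == "__main__":
    problems, legacy = check_tunnel(CYBEROAM, CHECKPOINT)
    print("mismatches:", problems or "none")
    print("legacy settings:", legacy)
```
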

Document version – 1.0-01/07/2008

Article ID: 1002