Applicable to Version: 9.4.0 build 2 onwards
This article describes a detailed configuration example that demonstrates how to configure a site-to-site IPSec VPN tunnel between a Cyberoam appliance and a Checkpoint firewall, using a preshared key to authenticate the VPN peers.
It is assumed that the reader has a working knowledge of Cyberoam and Checkpoint appliance configuration.
Throughout the article we will use the network parameters as shown in the diagram below.
Checkpoint Configuration
Step 1. Create an interoperable device from Manage > Network Objects > New > Interoperable Device. In the General Properties page, specify a name and the IP address.
Step 2. In the Topology page, define the internal interface of the device, or select “Manually defined” and create a network object. Create a group object if multiple networks are included in the remote encryption domain.
Step 3. In the VPN > Advanced window, verify that “Use Community settings” is selected.
The encryption options and interface information will then be determined by the VPN community for each gateway in the community.
Step 4. On the VPN Manager tab, select the VPN community “My Intranet” or create a new VPN community.
In the Participating Gateways page, add your firewall object (created in step 1) and the peer gateway object to the same VPN community.
Step 5. In the VPN Properties page, check the encryption properties, i.e. the phase 1 and phase 2 encryption and authentication algorithms; both peers must offer the same algorithms for the negotiation to complete successfully.
Checkpoint VPN-1/FireWall-1, by default, uses 3DES and MD5 for phase 1 and AES-128 and MD5 for phase 2.
Then, in the Tunnel Management page, use the default values.
Step 6. In the Advanced Settings > Shared Secret page, select “Use only Shared Secret for all External members”.
Click the “Edit” button and specify the shared secret (preshared key).
Next, in the Advanced Settings > Advanced VPN Properties page, under the NAT tab, select “Disable NAT inside VPN Community”.
Finally, in the Security Policy, create a rule for your network so that your network can access the peer network, and install the Security Policy.
Cyberoam Configuration
Log on to Cyberoam Web Admin Console and perform the following steps:
Step 7: Create VPN Policy
Go to VPN > Policy > Create Policy and create a VPN policy with the following values:
Policy Name: Cyberoam-Checkpoint
Using Template: None
Keying Method: Automatic
Allow Re-keying: Yes
Key Negotiation Tries: 3
Perfect Forward Secrecy (PFS): Yes
Phase 1
Encryption Algorithm: 3DES
Authentication Algorithm: MD5
DH Group (Key Group): 2 (DH1024)
Key life: 3600 sec
Phase 2
Encryption Algorithm: AES128
Authentication Algorithm: MD5
DH Group (Key Group): 2 (DH1024)
Key life: 3600 sec
Step 8: Create IPSec connection
Go to VPN > IPSec Connection > Create Connection and create a connection with the following values:
Connection name: Cyberoam to Checkpoint
Policy: Cyberoam-Checkpoint (created in step 7)
Action on restart: As per your requirement
Mode: Tunnel
Connection Type: Net to Net
Authentication Type: Preshared Key
Preshared Key: As per your requirement
Local server IP address (WAN IP address): 61.95.197.129
Local Internal Network: 192.168.100.0/24
Remote server IP address (WAN IP address): 219.87.151.13
Remote Internal Network: 172.16.16.0/24
User Authentication Mode: Disabled
Protocol: All
Step 9: Activate Connection
Go to VPN > IPSec Connection > Manage Connection and click the activate icon shown against the connection.
The icon under Connection Status then indicates that the connection has been successfully activated.
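As an added illustration (not part of the original article and not a Cyberoam or Checkpoint tool), the following Python models both peers' settings from steps 1 to 8 and reports the mismatches that would make phase 1 or phase 2 negotiation fail, together with the algorithms (3DES, MD5) that both sides accept here but that are weak by current standards. The Checkpoint PFS group is assumed to be set to match the Cyberoam policy; the `Phase`, `Peer`, `check_pair` and `weak_algorithms` names are the example's own.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional

@dataclass(frozen=True)
class Phase:
    encryption: str          # e.g. "3DES", "AES128"
    authentication: str      # e.g. "MD5", "SHA1"
    dh_group: Optional[int]  # phase 1: key group; phase 2: PFS group, None = PFS off

@dataclass(frozen=True)
class Peer:
    name: str
    wan_ip: str            # this gateway's public address
    peer_ip: str           # the remote gateway's public address
    local_nets: frozenset  # local encryption domain
    remote_nets: frozenset # remote encryption domain
    phase1: Phase
    phase2: Phase

WEAK_ALGORITHMS = {"3DES", "MD5"}  # accepted by both vendors here, weak today

def nets(*cidrs):
    """Normalise CIDR strings so that equal networks compare equal."""
    return frozenset(ip_network(c, strict=False) for c in cidrs)

def check_pair(a, b):
    """List the mismatches that would make IKE negotiation between a and b fail;
    an empty list means the two configurations agree."""
    errors = []
    for phase in ("phase1", "phase2"):
        pa, pb = getattr(a, phase), getattr(b, phase)
        if (pa.encryption, pa.authentication) != (pb.encryption, pb.authentication):
            errors.append(f"{phase}: {a.name} {pa.encryption}/{pa.authentication} vs "
                          f"{b.name} {pb.encryption}/{pb.authentication}")
        if pa.dh_group != pb.dh_group:
            errors.append(f"{phase}: DH/PFS group {pa.dh_group} vs {pb.dh_group}")
    if a.peer_ip != b.wan_ip or b.peer_ip != a.wan_ip:
        errors.append("gateway addresses are not mirrored")
    if a.local_nets != b.remote_nets or a.remote_nets != b.local_nets:
        errors.append("encryption domains are not mirrored")
    return errors

def weak_algorithms(peer):
    """Algorithms in either phase that should be replaced where both vendors allow it."""
    return {peer.phase1.encryption, peer.phase1.authentication,
            peer.phase2.encryption, peer.phase2.authentication} & WEAK_ALGORITHMS

# Constructed from the article's values; the Checkpoint PFS group (2) is assumed.
CYBEROAM = Peer("Cyberoam", "61.95.197.129", "219.87.151.13", nets("192.168.100.0/24"),
                nets("172.16.16.0/24"), Phase("3DES", "MD5", 2), Phase("AES128", "MD5", 2))
CHECKPOINT = Peer("Checkpoint", "219.87.151.13", "61.95.197.129", nets("172.16.16.0/24"),
                  nets("192.168.100.0/24"), Phase("3DES", "MD5", 2), Phase("AES128", "MD5", 2))
```

Running `check_pair(CYBEROAM, CHECKPOINT)` on the article's values returns no errors; changing either side's phase 2 cipher or PFS group makes it report the exact phase and parameter to correct.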
Document version – 1.0-01/07/2008