Solved

PIX<--> Checkpoint <-> PIX

Posted on 2002-03-20
4
481 Views
Last Modified: 2011-04-14
Dear
       I need to setup a follow VPN connection 2 PIXs
        PIX<--> Checkpoint <-> PIX

       I put a Checkpoint between 2 PIX

       What protocol or Port I need to open in checkpoint policy for this VPN connection?

Thank you for your help

0
Comment
Question by:logout
4 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6889844
You probably need to pass IKE (UDP/500), ESP (IP protocol 50), and AH (IP protocol 51).  There's likely also some CP specific names for this stuff, and maybe even a service group representing all of them, but I don't have a CP system to look on right now.
0
 
LVL 4

Accepted Solution

by:
svindler earned 100 total points
ID: 6912626
If you are setting up an IPSec connection, then there IS a service group you can specify.
I believe GRE (IP protocol 47) is also included. Depending on your IPSec setup you may not need to allow all of the protocols/ports included in "IPSec" service group, but it makes for a more readable policy.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7871967
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question:

I recommend: delete or split points. Both experts have valuable information

if there is any objection or other expert commentary to this recommendation then please post in here within 7 days.
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points. http://www.experts-exchange.com/Community_Support/

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

thanks,
lrmoore
EE Cleanup Volunteer
---------------------
0
 

Expert Comment

by:SpideyMod
ID: 7926489
Split

SpideyMod
Community Support Moderator @Experts Exchange

chris_calabrese points for you at:
http://www.experts-exchange.com/Networking/Broadband/VPN/Q_20509269.html
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Sometimes, you want your microsoft VPN to route all the traffic to the remote network. Usually your employer network. This makes it possible to access all the nodes inside this remote LAN, even if they have no "public DNS" entries. To do so, you wo…
Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question