Solved

PIX<--> Checkpoint <-> PIX

Posted on 2002-03-20
4
482 Views
Last Modified: 2011-04-14
Dear
       I need to setup a follow VPN connection 2 PIXs
        PIX<--> Checkpoint <-> PIX

       I put a Checkpoint between 2 PIX

       What protocol or Port I need to open in checkpoint policy for this VPN connection?

Thank you for your help

0
Comment
Question by:logout
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6889844
You probably need to pass IKE (UDP/500), ESP (IP protocol 50), and AH (IP protocol 51).  There's likely also some CP specific names for this stuff, and maybe even a service group representing all of them, but I don't have a CP system to look on right now.
0
 
LVL 4

Accepted Solution

by:
svindler earned 100 total points
ID: 6912626
If you are setting up an IPSec connection, then there IS a service group you can specify.
I believe GRE (IP protocol 47) is also included. Depending on your IPSec setup you may not need to allow all of the protocols/ports included in "IPSec" service group, but it makes for a more readable policy.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7871967
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question:

I recommend: delete or split points. Both experts have valuable information

if there is any objection or other expert commentary to this recommendation then please post in here within 7 days.
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points. http://www.experts-exchange.com/Community_Support/

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

thanks,
lrmoore
EE Cleanup Volunteer
---------------------
0
 

Expert Comment

by:SpideyMod
ID: 7926489
Split

SpideyMod
Community Support Moderator @Experts Exchange

chris_calabrese points for you at:
http://www.experts-exchange.com/Networking/Broadband/VPN/Q_20509269.html
0

Featured Post

How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Do you have an old router lying around the house that you don’t know what to do with? Check the make and model, then refer to either of these links to see if its compatible. http://www.dd-wrt.com/site/support/router-database http://www.dd-wrt.c…
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question