
Cisco 1760 IPSec tunnel to Checkpoint

Hi All,

What a nightmare! <insert endless moaning here>

Anyway, I have a Cisco 1760 here, that has recently acquired the ability to support IPSec Tunnels - See here >> http:Q_21914514.html

Flash version is -> c1700-advsecurityk9-mz.124-8.bin

Now, I expect that the other end is going to be giving me information to configure our end (it seems logical, and hope is on my side) but they are asking some questions that I would prefer to answer correctly (than look stupid :))

So, they want to know the following information, and I am not certain what it means;

Encryption Domain -> they have provided a 134.x.x.x IP address, which has totally lost me
Subnet Mask -> this makes me think that maybe Encryption domain is my internal address range???
IPSec Gateway Address -> I assume this is the external address of my router (they provide 155.x.x.x)
Test IPSec Gateway -> Once again, lost (they provide another 155.x.x.x number)
IPSec / Firewall Make -> this one I do know!
Version -> semi obvious
Encryption Method -> I am assuming this will be 3DES (that is what they provided)
Transforms -> I was just going to put what they had, ESP 3DES
Shared Secret -> also seems pretty obvious
Hash Method -> there is something besides MD5 (joking, kind-of)
DH Group -> no idea (they have Group 2)
ISA Timers -> no idea, was going to put what they had - IKE=7200 IPSEC=3600

Writing this down seems to have made it a little clearer (I am not going to edit it above)

Encryption domain is my internal range
Ipsec gateway address is my external router ip
test ipsec gateway isn't necessary
and DH Group will become apparent when I actually configure the router

Am I close?

Thanks in advance

-red
redseatechnologies (Author) commented:
Oh yeah, should I ask another question about how to actually configure the router to connect to the other end as well?  I was planning on adding that here, but want to reward you all for your time fairly!

-red
lrmoore commented:
You've pretty much got it, but here's some clarification.

Transforms = encryption + hash.  3DES-MD5 | 3DES-SHA | AES-MD5, etc.
  Assume you will use 3DES-MD5
Hash Method = MD5 or SHA. This matches your transform, and both ends are the same
DH Group = Diffie-Hellman group 2 = 1024-bit. It will just be "group 2" under your IPSEC policy
ISA Timers = IKE and IPSEC lifetimes. Cisco's defaults are 28800 and 84600 respectively, so these will need to be adjusted in your router config.
One other thing you need to know is whether or not they use ISAKMP keepalives, and what timer settings.
And you need to know if PFS should be enabled or not.


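How the worksheet values in this thread map onto IOS commands, as an added example that is not part of the original posts or of the Cisco documents linked in the thread. The policy number, the names CP-SET and CP-MAP, ACL 110 and everything in angle brackets are placeholders; the keepalive and PFS lines are left commented out because they apply only if the Checkpoint side confirms them.

```cisco
! Phase 1 (IKE): Encryption Method, Hash Method, DH Group, IKE timer
crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 7200
!
! Shared Secret, bound to the other end's IPSec Gateway Address
crypto isakmp key <SHARED-SECRET> address <PEER-GATEWAY-IP>
!
! Only if the peer uses ISAKMP keepalives (timer values are placeholders)
! crypto isakmp keepalive <SECONDS> <RETRY-SECONDS>
!
! Phase 2 (IPSec): Transforms = encryption + hash
crypto ipsec transform-set CP-SET esp-3des esp-md5-hmac
!
! Encryption domains: local range first, remote range second.
! IOS ACLs take wildcard masks, not the subnet masks from the worksheet.
access-list 110 permit ip <LOCAL-NET> <LOCAL-WILDCARD> <REMOTE-NET> <REMOTE-WILDCARD>
!
crypto map CP-MAP 10 ipsec-isakmp
 set peer <PEER-GATEWAY-IP>
 set transform-set CP-SET
 ! IPSEC timer from the worksheet
 set security-association lifetime seconds 3600
 match address 110
 ! Only if PFS is enabled on the peer
 ! set pfs group2
!
! Apply the map to the interface that holds the external address
interface <OUTSIDE-INTERFACE>
 crypto map CP-MAP
```

Every value here has to match the Checkpoint side exactly, and the ACL has to mirror the peer's encryption domain definition, or negotiation fails. If the router also performs NAT, traffic matching ACL 110 must be exempted from NAT so it still matches the crypto map.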
redseatechnologies (Author) commented:
Spectacular,

Thanks for that lrmoore, I don't know what is more exciting - having the answer for my superiors tomorrow, or knowing that I had the right idea :)

-red
lrmoore commented:
Take it a step further and show them this document - step by step to configure IPSEC from router to Checkpoint
Checkpoint 4.1
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094ac4.shtml
Or Checkpoint NG
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b4b40.shtml
redseatechnologies (Author) commented:
Dude, you are a star.

I saw that first link, but the second one looks like GOLD!

Thank you so much for your help, again :)

-red
lrmoore commented:
Glad to be here!
Good luck!