site to site VPN between Cisco ASA 5520 and checkpoint

Hi All,

  I need an urgent help in configuring vpn site to site between asa 5520 and checkpoint  FW in another  country

Remote county details:

Encryption Domain(s):        
VPN traffic direction ( from my cisco asa 5520 to other country checkpoint )
Source                                       Destination                           Service                                       FTP
  Below Configuration parameters sent by checkpoint administrator
Encryption Scheme defined:
Phase 1 Encryption Method:                            3DES
Phase 1 Hash Method:                                      MD5
Phase 2 Encryption Method:                            3DES
IKE & IPSEC Hash Method:                              SHA1
DH Group:                                                        Diffie Hellman Group 2
Security Association (SA) timers
Renegotiate IKE SA every                                 64800 seconds ( 18hrs)
Renegotiate IPSEC SA every                            3600 seconds
Aggressive Mode:                                            No
Support Perfect forward Secrecy:                     YES
Shared Secret:                                                 ************

please advise whats the asa 5520 configuration to be done from my side to connect to their checkpoint, i have tried creating site to site using cisco ASDM but still unable to connect, is there any specific config for checkpoint to work.. please advise
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

do you have both sides with the same IP segment?

you are missin the local lan/remote LAN ip segments

on the asa you will use the checkpoint wan ip as the peer address.

What Are you using to configure Command line, ASDM, or the web interface?

Match the IPs in the example, placing your checkpoint as the IOS router position.
Then match the ASA configuration..

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ITMaster1979Author Commented:
Hi Arnold

my local ip range is 192.168.14.x/24 and the remote I have only one IP FTP

I'm using ASDM.
the is the WAN IP

peer to peer <=> is the VPN End points
local:            Local:?
remote: LAN IPS?                    Remote: 192,168.14.0/24

3des sha1 1024 make sure to specify the same lifetimes as you have on the checkpoint.
pfs group 2

if you have it setup, what is the error in the log

no matching
key .....?
ITMaster1979Author Commented:  is the local IP in the other country, their WAN is

192.168.14.x/24  is my local network and my WAN interface is
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.