VPN tunnel between PfSense and Checkpoint NG

Hi everyone,

I don't know if this is the best ng to place my question.

I'm having trouble creating a VPN tunnel between my Checkpoint NG R56 cluster and a pfsense box.

I successfully created a tunnel in the reverse direction, e.g. a client behind pfsense can connect via IPSEC tunnel to a client protected by checkpoint. I still have a problem the other way around.

Both firewalls have been configured with 3DES and MD5 for both phase 1 and 2 and PFS (perfect forward secrecy) and the same shared secret (obviously). I've successfully created the same scenario with a SmoothWall box with Openswan patch and vpnpack.

Does anyone have any idea?

Thanks, Riccardo


Hi Riccardo, first of all something is strange: the last version of Check Point NG is R55W. R56 is just for SecureClient.

Anyway, to successfully troubleshoot this environment I should see the Check Point SmartView Tracker logs and pfSense IPSec logs.

Can you provide a couple of screenshots?

Alessandro Perilli, CISSP, MVP


Riccardo, I have the strong suspicion that the Check Point object for the pfSense network has the wrong subnet mask. Or something like that. The declared Check Point error is not necessarily helpful or related to the real problem.

I could say it for sure just by looking at the Check Point screenshot for the Main Mode packet, without any privacy masking. If you prefer, send me a direct mail with the screenshot.

Regards

Alessandro Perilli, CISSP, MVP
