Configure IPSEC S2S between Cisco and Checkpoint
VPN parameters
Stage 1:
Encryption method: 3des
Hash MD5
Authentication: Pre-shared key: 123456
Group 2
Stage 2:
Encryption: AES 256
Hash sha1
Configuration: On Cisco R4 Router
encryption isakmp policy 1
coding3des
Hash MD5
Certified pre-shared
Group 2
Encryption isakmp key 123456 address 10.1.3.1
!
Encryption ipsec transform set TS esp-aes 256 esp-sha-hmac
!
crypto map CM 10 ipsec-isakmp
Set peer 10.1.3.1
Set transformation set TS
Match address 100
!
Access list 100 allows ip 192.168.5.0 0.0.0.255 192.168.200.0 0.0.0.255
!
Interface Ethernet 0/1
IP address 10.3.4.4 255.255.255.0
CryptomapCM
Configure on CHECKPOINT FW
Claim the remote Cisco router:
Declare R4 parameters:
Declared specifically internally
===========
External:
=================
=================
===============
Statement VPN Community
===============
Statement VPN Community
Select Gateway Checkpoint and Cisco
Fill in the parameters that match Cisco
===================
Create policy rules for mutual VPN connection between both parties
=================
Try pinging each other
Checkpoint LAN ping Cisco LAN OK
Viewing the logs on Checkpoint shows that there is no problem with encryption and no drop errors:
Xem tiếp...
