Site-to-site VPN between FortiGate and Check Point R81

TigerDao


VPN specifications:

Phase 1:

Encryption: DES

Hash: MD5

Pre-shared key: 123456

DH group: 2

Phase 2:

Encryption: DES

Hash: SHA256

PFS: group 2

Configuration on the Check Point side:

Similar to this post:


FGT side configuration:




The FGT web GUI has no option for Check Point, so select Cisco instead.





Then go into the FGT CLI and set the encryption and hash algorithms according to the specifications above:


Phase 1:

config vpn ipsec phase1-interface
    edit "to point c"
        set proposal des-md5 des-sha1
        set dhgrp 2
    next
end


Phase 2:

config vpn ipsec phase2-interface
    edit "to point c"
        set proposal des-sha256
        set pfs enable
        set dhgrp 2
    next
end


Next, go to the tunnel and use Bring Up to bring it up:




The tunnel comes UP without problems:



Verify:

Ping between the two LANs.

FGT LAN to Check Point LAN:





FGT checkpoint:



Check the logs on the Check Point: if you see no drops, everything is fine.
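
An added example, not part of the original post: a Python check that parses the FortiOS CLI from the FGT section and compares each phase against the VPN specifications, also flagging algorithms that RFC 8247 deprecates for IKEv2. The function names, the PLAN and DEPRECATED tables, and the simplification of one tunnel per config block are assumptions of this example.

```python
import re
# Constructed sample: the FortiOS CLI from this post, tunnel name as written there.
FGT_CONFIG = """
config vpn ipsec phase1-interface
    edit "to point c"
        set proposal des-md5 des-sha1
        set dhgrp 2
    next
end
config vpn ipsec phase2-interface
    edit "to point c"
        set proposal des-sha256
        set pfs enable
        set dhgrp 2
    next
end
"""
# Agreed parameters from the "VPN specifications" list in the post.
PLAN = {"phase1": {"proposal": {"des-md5"}, "dhgrp": {"2"}},
        "phase2": {"proposal": {"des-sha256"}, "dhgrp": {"2"}, "pfs": {"enable"}}}
# RFC 8247 (IKEv2): DES and MD5 are MUST NOT, DH group 2 is SHOULD NOT.
DEPRECATED = {"proposal": {"des", "md5"}, "dhgrp": {"1", "2"}}

def parse_fortios(text):
    """Return {phase: {setting: set(values)}}; assumes one tunnel per block."""
    out, phase = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"config vpn ipsec (phase[12])-interface$", line):
            phase = m.group(1)
            out[phase] = {}
        elif line == "end":
            phase = None
        elif phase and (m := re.match(r"set (\S+) (.+)$", line)):
            out[phase][m.group(1)] = set(m.group(2).split())
    return out

def audit(text, plan=PLAN):
    """Report drift from the plan and deprecated algorithms, per phase."""
    findings = []
    for phase, settings in parse_fortios(text).items():
        for key, want in plan[phase].items():
            got = settings.get(key, set())
            findings += [(phase, key, v, "not in plan") for v in sorted(got - want)]
            findings += [(phase, key, v, "missing") for v in sorted(want - got)]
        for key, weak in DEPRECATED.items():
            for v in sorted(settings.get(key, ())):
                if weak & set(v.split("-")):
                    findings.append((phase, key, v, "deprecated"))
    return findings
```

Run over the configuration above, `audit(FGT_CONFIG)` reports that phase 1 also offers `des-sha1`, which the specification list does not mention, and marks every DES, MD5 and DH group 2 setting as deprecated.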

