  1. DevilWAH (The Bringer of Light)
    Join Date: Jan 2010
    Location: UK
    Posts: 2,040
    Certifications: CCENT, CCNA, CCNA Security, ITIL Foundation, CCNP SWITCH, Zoology BSc
    #1

    Cisco to Checkpoint R75.40 VPN

    I wanted to check before I hashed something together to get it to work, as Checkpoint is not my strong point.

    I need to set up some Cisco routers at branch stations, with a Checkpoint gateway as the VPN end point. I am fine doing Cisco to Cisco VPNs with pre-shared keys, so I was just wondering: are there any issues to look out for between Cisco and Checkpoint? Or can anyone point me in the direction of an updated guide for this, please?

    Cheers

    DevilWAH
    If you can't explain it simply, you don't understand it well enough. Albert Einstein

    http://Devilwah.com
    An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties, it means that it's going to launch you into something great. So just focus and keep aiming.


  3. DevilWAH (The Bringer of Light)
    #2
    It's OK I think, this guy seems to have written some nice instructions:

    note paper: IPSec VPN between Check Point and Cisco Router

  4. Senior Member
    Join Date: May 2012
    Posts: 166
    Certifications: CCNP, CCDA, CCSE, MCITP: SA & EMA
    #3
    I've set up quite a few VPN tunnels between an R75.40 appliance and an ASA, and they are usually pretty straightforward. However, I did run into a problem with one of our remote campuses running R75.40, peering to an ASA5540. The tunnel would come up, but it would randomly drop traffic.

    After looking at the logs, and a bit of research, I ended up with a registry change mentioned in sk42315 which fixed the problem. It essentially has to do with how CheckPoint handles the P1/P2 refresh as opposed to Cisco. CheckPoint renews P2 when it renews P1, while the ASA treats each one separately.

  5. DevilWAH (The Bringer of Light)
    #4
    Quick question.

    In Cisco you can set up a site-to-site VPN where you list the interesting traffic using access lists to determine what traffic goes through the VPN, and this seems to be the way you can do things using a star VPN topology.

    However, another method is to create a GRE tunnel that you then encrypt. This has the benefit of presenting an interface that any traffic is directed to, rather than having to classify traffic using lists.

    Is this something that can be done with Checkpoint to Cisco?
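
The two Cisco-side approaches described in post #4, as an added example that is not part of the original thread and not taken from the linked guide. All addresses, names and the key placeholder are constructed, and it shows only the IOS router side; it does not settle whether the Check Point end accepts option B.

```cisco
! Constructed lab values: branch WAN on GigabitEthernet0/0, peer gateway
! 198.51.100.1, branch LAN 10.1.1.0/24, HQ LAN 10.0.0.0/24.
! Phase 1 (IKE) parameters; lifetime stated explicitly so it can be
! compared line by line with what the peer gateway is configured for.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
! Phase 2 (IPsec) proposal shared by both options below.
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! --- Option A: policy-based VPN (crypto map + access list) ---
! Only traffic matching the ACL is encrypted; the peer's definition of
! the protected networks has to mirror this ACL.
ip access-list extended VPN-INTERESTING
 permit ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
crypto map BRANCH-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-AES256
 set security-association lifetime seconds 3600
 match address VPN-INTERESTING
interface GigabitEthernet0/0
 crypto map BRANCH-MAP
!
! --- Option B: GRE tunnel protected by IPsec (instead of option A) ---
! The tunnel is a routable interface; routing, not an ACL, decides
! which traffic is encrypted.
crypto ipsec profile GRE-PROTECT
 set transform-set TS-AES256
interface Tunnel0
 ip address 172.16.0.2 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.1
 tunnel protection ipsec profile GRE-PROTECT
ip route 10.0.0.0 255.255.255.0 Tunnel0
```

On the router, `show crypto isakmp sa` and `show crypto ipsec sa` show whether phase 1 and phase 2 have negotiated and how long each SA has left.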
