Linux box -> Checkpoint Firewall
> Good question... I've looked in the past, but never found enough time to
> try &
> figure that one out... There is almost no informatino around on doing it
> though (At least that I've ever managed to find).
> I have a user here who does use Gentoo & kvpn to a cisco concentrator. So
> SHOULD work almost the same.
> On the checkpoint firewall, are you using standard IPSec tunnels
> (Firewall-Firewall type) or trying to use checkpoints remote client
> (WHich normally use a checkpoint client on a windows PC).
I'm trying to do 'remote client configs'. As I understand it, there isn't
a lot of difference between static and dynamic vpns from the devices'
point of view, both types use ipsec, possibly tunnelled inside udp to
sneak past nat devices. When I used to configure Cisco Pix's for this a
few years ago it didn't distinguish between static and dynamic endpoint
vpns, they were part of the same crypto map set bound to an interface.
The difficulty is getting xauth in there - straight pre shared keys or
cert exchange seem like they will work ok (not tested!). The nice firewall
admins at my new office have offered to do a static vpn to my home ip
range with pre shared keys, but I'd like to see if I can get the dynamic
variant working, since we have a few Linux users with laptops who would
find it useful to roam.
I'll report back if I find anything useful.
email@example.com mailing list