| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| I'm new to using certificates for VPN configs rather than pre-shared keys... Hypothetically, if I have two R65 firewalls managed by two separate SCS, do I need to use a third-party CA, such as Microsoft, or can I use each enforcement module's SCS to generate a certificate between them? I read somewhere that if they shared the SCS I wouldn't have a problem, because I could use the internal CA. __________________ Remember to add to someone's reputation if they have helped you, by clicking on their scales icon |
| |||
| Thanks for the prompt reply! On one of the R65 boxes (deviceA) I have the second R65 box (deviceB) configured as an interoperable device. Do you/anyone know, if I export the internal_ca certs from both devices' SCS, how do I import deviceA's cert into deviceB? I would have thought it would be the 'Add' option on the VPN properties page on deviceA, but I cannot select anything from the 'CA to enroll from' other than the internal_ca. With this selected I receive: --------------------------- Check Point SmartDashboard --------------------------- Cannot generate certificate from 'internal_ca' Certificate Authority because DEVICEA already has a certificate generated by 'internal_ca' Certificate Authority. --------------------------- OK --------------------------- I apologise in advance if I'm barking up the wrong tree here LOL |
| |||
| Hi Guys, I am currently in a somewhat similar situation. I have never worked on S2S VPN using certificates. Any help on this is appreciated... Here is the situation: my end is Check Point NGX R65 and the remote end is a Cisco ASA. The remote end guy wants to use certificates as the IKE authentication method for the S2S VPN. They have sent us their certificate in a text file. I searched on the Check Point site but there is very little information about the certificate authentication method in S2S VPN. From the NGX VPN admin guide, I could only figure out that I'll have to create a Trusted CA object in SERVERS & OPSEC in the Check Point. But I don't know the next step which I should follow. Also, I'm not sure how I generate a certificate in my Check Point and provide it to the remote end guy so that he can use it for IKE authentication in their ASA. Can anyone help me with a step-by-step procedure or point me to a relevant website/document that I can refer to? Thanks in advance |
| Tags |
| certificates, vpn, x.509 |