| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
This document was created using screen shots from a Vigor Draytek 2600 Plus running code 2.5.6_UK. I don't know much about the Draytek device as I actually do not own one. This setup was what worked for me and others I have emailed the screen shot PDF. I don't know if Draytek menus change frequently but what I have provided should be close enough to intuit if necessary.

I can't honestly say that I get why some of these settings are the way they are, especially the "MORE" box on the remote networks; I just know it doesn't work if you don't do all of this. It's a miracle that I actually figured this out, but since I had 4 UK customers with this firewall, I didn't have much choice except to work on this for a week to get it to work. Hope it helps you guys out.

VPN - CP to Draytek -> Draytek Configuration

1) Advanced Setup > VPN and Remote Access Setup > VPN IKE / IPSec General Setup: Insert pre-shared Key where prompted

2) Advanced Setup > VPN and Remote Access Setup > VPN IKE / IPSec General Setup: Choose IPSec High (ESP) Method. (I used 3DES at the time, but AES should work as it has been several years since I did this)

3) Advanced Setup > VPN and Remote Access Setup > Lan-to-Lan Profile Setup: Choose one of your available site ID slots and create a new site profile

4) Configure your Site profile

a) Box 1 (Common Settings)
   - Check Enable profile
   - Name the profile
   - Select Both for call direction

b) Box 2 (Dial-Out Settings)
   - Choose IPSec tunnel
   - Add IP of remote (CP) VPN gateway (CP Public Phase 1 IP)
   - Click IKE Pre-Shared Key and enter key
   - Choose IPSec Method: High (ESP) and select matching Method

c) Box 2 (continued)
   - Click IKE Advance Settings button to configure:
      - Main Mode
      - IKE Phase 1 Proposal that matches CP side
      - IKE Phase 1 lifetime 1440
      - IKE Phase 2 lifetime 3600
      - DISABLE PFS

d) Box 3 (Dial-In Settings)
   - Choose IPSec Tunnel
   - Specify Remote VPN Gateway (CP Public Phase 1 IP)
   - Add IKE Pre-shared key AGAIN
   - Select IPSec Security Method (that matches your CP Phase 2 settings)

e) Box 4 (TCP/IP Network Settings)
   - My WAN IP = Draytek Public IP for VPN
   - Remote Gateway IP = CP Public Phase 1 IP
   - Remote Network IP = CP Phase 2 Network
   - Remote Network Mask = CP Phase 2 Network Mask
   - Click MORE button and add any/all networks for the tunnel on the CP side here with the appropriate masks
   - For NAT Operation, treat remote sub-net as = Private IP

__________________
There's no place like 127.0.0.1

Last edited by lammbo; 2008-07-11 at 14:08.