IPSec VPN using certificates between Checkpoint and Pix

[ohanes]

Greetings All,

I'm trying to find out if there is any papers or posting regarding
IPSec VPNs using certificates and internal certificate authority between
Checkpoint and Pix.

The assumption is to use Checkpoint's SmartCenter as the internal
certificates authority.

Anyone who done this before or know about any publication regarding
this subject would be appreciated and many thanks in advance.

Cheers
Ohanes

[kva.kva]

Document from CP site "How to configure IKE VPNs with Cisco PIX" - https://downloads.checkpoint.com/dc/...ad.htm?ID=5912
May be it will be helpful

[ohanes]

Thanks for the reply, that document is about using shared key and I what I'm looking is using smartcenter server as certificates authority to issue certificates for the IKE peer authentication.

Regards
Ohanes

[ddarby1]

Hi,

I guess this is a less common scenario, due to most of the site-to-site CheckPoint-PIX VPN's being of the Shared Secret type (all the ones I've done have been shared secret for example).

Also I guess that if really they want to use Certificates, organisations might choose to use a trusted third party Certificate Authority.

At any rate, as you've already discovered, there's not a huge amount of doucmentation on this.

I'll give it a go if you like, from which we should be able to generate a guide of some sort.

Post back or reply off thread if you want me to go ahead.

[Sergej]

Some time ago I found that CheckPoint CA have a Web Gui. I cant remember right now what are the functions and options of the GUI.
Try to find it, may be this will help you to issue certificate to PIX.

[ohanes]

many thanks for the tip, I'll investigate the web GUI for the CA and find out if it is possible to use it to issue certificate to PIX


Best Regards
Ohanes Semerjian