CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 5 of 5

Thread: SmartCenter as Certificate Server for Cisco DMVPN Routers

  1. #1
    Join Date
    2011-11-08
    Posts
    7
    Rep Power
    0

    Default SmartCenter as Certificate Server for Cisco DMVPN Routers

    Guys,
    One of my company's customers have decided to replace their Checkpoint branch firewalls to Cisco routers that will be configured for DMVPN. They have Checkpoint gateways however at their Data Center and DR Site. Is it possible for the DMVPN routers to use the SmartCenter Server as their certificate authority? If so, what is required from the Smartcenter server's configuration? Has anyone done this?

  2. #2
    Join Date
    2006-09-26
    Posts
    3,194
    Rep Power
    17

    Default Re: SmartCenter as Certificate Server for Cisco DMVPN Routers

    Quote Originally Posted by johnny View Post
    Guys,
    One of my company's customers have decided to replace their Checkpoint branch firewalls to Cisco routers that will be configured for DMVPN. They have Checkpoint gateways however at their Data Center and DR Site. Is it possible for the DMVPN routers to use the SmartCenter Server as their certificate authority? If so, what is required from the Smartcenter server's configuration? Has anyone done this?
    Please elaborate on what you're trying to do. Not sure what you're trying to achieve here. DMVPN is a cisco technology, not checkpoint technology. Are you trying to implement DMVPN with CA by using the SmartCenter as the CA server?

  3. #3
    Join Date
    2011-11-08
    Posts
    7
    Rep Power
    0

    Default Re: SmartCenter as Certificate Server for Cisco DMVPN Routers

    Yes, thats exactly what i would like to achieve. I have expericence using an IOS CA before. I was wondering if it is indeed possible to use the Smartcenter as the CA for the Cisco Routers and if there is any documentation you know of that can provide a guide to implementing it.

  4. #4
    Join Date
    2006-09-26
    Posts
    3,194
    Rep Power
    17

    Default Re: SmartCenter as Certificate Server for Cisco DMVPN Routers

    Quote Originally Posted by johnny View Post
    Yes, thats exactly what i would like to achieve. I have expericence using an IOS CA before. I was wondering if it is indeed possible to use the Smartcenter as the CA for the Cisco Routers and if there is any documentation you know of that can provide a guide to implementing it.
    First of all, I don't think it is even supported (I've never tried this before). I dont' think it will work either. The real issue is support. If you run into issues, neither Cisco nor Checkpoint will even touch this.

    If you're going to implement DMVPN using CA, my suggestion is to use Microsoft CA because it is much easier to implement, even easier than using Cisco IOS CA. I've tried a few DMVPN with Microsoft CA
    when I was preparing for the CCIE Security lab and I can tell you the setup takes about 10 minutes to implement.

    my 2c

  5. #5
    Join Date
    2011-11-08
    Posts
    7
    Rep Power
    0

    Default Re: SmartCenter as Certificate Server for Cisco DMVPN Routers

    Thanks very much for this advice.

Similar Threads

  1. VPN with certificate between Cisco and Checkpoint
    By cciesec2006 in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 11
    Last Post: 2018-10-12, 08:34
  2. Does checkpoint has a DMVPN solution?
    By sebastan_bach in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 12
    Last Post: 2011-06-06, 15:00
  3. OSE with Cisco routers
    By willmac in forum Interoperability
    Replies: 10
    Last Post: 2011-02-24, 00:46
  4. VPN Tunnel between CP SPLAT and Cisco Routers
    By papalove in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 3
    Last Post: 2009-11-06, 03:04
  5. Replies: 5
    Last Post: 2006-02-20, 06:43

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •