Site to Site IPSec VPN Configuration between Router and Checkpoint firewall

Captions
Hello friends, welcome to my YouTube channel, TechNet Guide. Friends, in this video we are going to learn how to configure IPsec VPN between a Cisco router and a Checkpoint firewall. So friends, earlier we have seen IPsec VPN configuration between two Checkpoint firewalls; now we will see IPsec VPN configuration between a Cisco router and a Checkpoint firewall.

Okay, so you can see, friends, this is my site A Cisco router and this is my site B Checkpoint firewall. We will configure IPsec VPN between the Cisco router and the Checkpoint firewall over the ISP. Okay, this is the ISP, and this is my Cisco router's outside interface, it's g1/0. The IP address of my Cisco router is 4.2.2.1, and this is the outside interface IP address of my Checkpoint firewall, 4.2.2. Okay, so my site A network is 192.168.1.0; we are going to encrypt this network over IPsec VPN. And on site B we have a 172 116 1.0 network, which we are going to encrypt over IPsec VPN.

Okay, so friends, let's see how to configure. First we will start configuration on the Cisco router, okay, then we'll configure the Checkpoint firewall. Okay, so let me show you how to configure on the Cisco router.

So friends, we will configure step by step. So go to config mode. First we will configure the ISAKMP policy, our first step. Okay: crypto isakmp policy 1. Now here we have to define the ISAKMP phase 1 parameters. You can see the parameters in this image. The same parameters we have to configure on both sides, okay, so remember what you have configured on the router; the same parameters should be on the other side. So: encryption 3DES, hash MD5, authentication pre-share, and DH group, then group 2, Diffie-Hellman group 2, then lifetime, lifetime 864.0.

Okay, second, now we will define the pre-shared key for authentication with the other peer: crypto isakmp key one two three address, and the peer address, for the router the peer will be 4.2.2.2.

Okay, so now, friends, we have to create an access list to define which network should pass through the VPN tunnel. Okay, so I have this network, 192.168.1.0, for site A, the router side,
and for the Checkpoint firewall side we have 172.16.1.0, so this network should pass through the VPN tunnel. So we have to create an access list for that: ip access-list extended. We have to give the IP access list a name; the name will be ipsec acl. Okay, now permit ip: permit ip 192.168.1.0, wildcard mask 0.0.0.255; now the destination address will be 172.16.1.0, wildcard mask 255. Right, now we have created the ACL.

Now friends, we have to create the IPsec transform set for phase 2. Okay, so ipsec transform-set; give the name of the transform set, router to Checkpoint firewall. Okay, now we have to define the encryption method. Provide the ESP method: the encryption protocol is 3DES and the hash protocol will be MD5. Okay, so here we have created the transform set. You have to remember this name, okay; we have to call it in the crypto map.

Okay, now create the crypto map: crypto map, then the crypto map name, c map. Okay, now provide the map number, then ipsec-isakmp. Okay, now: "crypto map will remain disabled until a peer and a valid access list have been configured." Okay, now we have to set the peer address: set peer 4.2.2.2. Now we have to call the transform set here: set transform-set; the transform set name will be what we have configured, router CP, router to Checkpoint firewall. Right, enter. Now we have to call the access list: match address, then the access list name. What is the access list name? Okay, let me check the access list name here: ipsec acl. Call this.

Okay, we have to call this crypto map on the outside interface. You can see this is my outside interface: interface g1/0, crypto map c map, press enter. Now from the router side we are done. Okay, now save this configuration.

Now we have to start configuration on the Checkpoint firewall side here. Okay, so let's start. Log in to SmartDashboard; you can see this is SmartDashboard. Okay, so friends, our first step will be that we have to enable the IPsec VPN blade. Okay, enable; you can see I have enabled this. Now click on OK, yes.

So now, friends, we have to add this gateway, the remote gateway, on the Checkpoint firewall. Now we are going to add it with this IP address, 4.2.2, so I have to
add an externally managed gateway. Click on New and select More, and Network Objects, Gateways and Servers, then click on More; here we can see Externally Managed VPN Gateway, select it here. Now we have to add the site A router. Okay, so I have to give the router's outside IP address; the outside IP address is 4.2.2.1. Now here we have to enable Firewall and enable IPsec VPN. Okay, and then go to Topology here. Now select the VPN domain here, which domain we want to encrypt. For the router A side we are going to encrypt 182.168.1.0. Let me show you the detail, so this network we are going to encrypt from the router side. Okay, now click OK.

Now our second step, third step, will be that we have to create a VPN community. Click New, click More, then select VPN Community, select mesh community. Here provide the VPN community: IPsec VPN. Now select the gateways which we have added, our local gateway and the remote gateway, the site A router. Okay, now select Encryption. Now friends, here we have to define the ISAKMP phase 1 parameters. Let me show you: on the router we have defined 3DES, MD5, 3DES and MD5, group 2, okay, and for phase 2 we have defined 3DES and MD5. Okay, shared secret: now we have to create the shared secret key. What we have configured on the site A router, the same key we have to configure here, okay; the shared secret keys should be the same. So now click on OK, OK, done. Now it's giving a warning; it's just a warning, okay, at least one trick character shared secret key.

So friends, we have created the VPN community here. Okay, now what we have to do: go to the local gateway, the Checkpoint gateway, and here we have to select the VPN domain. For the Checkpoint side, site B, our VPN domain will be network 170, let me show you, 172.16.1.0. Okay, you can see 172.16.1.0. Okay, we have to define this network for this VPN domain. Okay, now go to IPsec VPN, then we have to select the link here, okay, which link we are going to use. We are going to use our outside interface link; see, our outside interface link is there. Okay, so VPN traffic passes through this network. Okay, we have to define this. Now click on
OK, yes. Now we have to create the policy. Okay, create the policy: our source network will be 192.168, the destination will be 170; we have to add it vice versa, okay, because you have to pass traffic from both ends. VPN community: you have to select the VPN community, select, okay. Packet accept, and log. Okay, now click on... so we are done now. Now we have to publish: click on Publish. Now click on Install Policy. Done.

Now friends, go to the topology here. Now we can ping from this PC to this PC. This PC's IP address is 172.16.1.10; from here we should be able to ping this IP. Okay, let's check if we are able to ping: ping 172.16.1.10. It should ping over the IPsec VPN. Okay, done, now it's pinging. Okay, now it's pinging.

So let me check on the router. Okay, yeah, you can see, so the ISAKMP SA is done, active. Now we have to check the IPsec SA, so crypto ipsec; you can see all the parameters here: local is 4.2.1 and remote crypto is 4.2.2, outside interface 1/0, okay, DH group, so the status is active. Okay, so our transform set is ESP 3DES MD5. So friends, our IPsec VPN tunnel is up.

Okay, now let's go to our firewall, the Checkpoint firewall. Where can you check logs? Go to Logs, then refresh the log. You can see traffic is decrypted, okay; this network's traffic is encrypted on this router, okay, and on the Checkpoint firewall it is showing decrypted. So you can see traffic is decrypted; the open lock means decrypt. Okay, so let me show you the detail: blade is VPN, okay, access VPN, peer site router, source, okay, peer device, method ESP 3DES MD5, community IPsec VPN, source 192.162.1.10, destination 1.10, action is decrypt.

Okay, now friends, if you initiate traffic from this end, okay, then we will see what will happen. Let me click on it, okay: 192.168.1.10. Now it's pinging. Okay, so let's check on the Checkpoint firewall what it is showing. Go to Logs, just refresh it. Now you can see traffic is encrypted when we initiate traffic from site B, the Checkpoint side. Okay, source is 172 and destination is 192.
Then the packet is encrypted here, okay, traffic is going to encrypt, and on the router it is going to decrypt.

Okay, so friends, in this video we have seen how to configure IPsec VPN between a Checkpoint firewall and a Cisco router. So thanks for watching, have a nice day.
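
The router-side commands dictated in the captions above, collected into one Cisco IOS configuration. This is an added example, not text from the video or its channel. The names IPSEC-ACL, ROUTER-TO-CP and CMAP, the crypto map sequence number 10, the interface GigabitEthernet1/0, the lifetime 86400 and the key value 123 are assumptions reconstructed from the spoken captions.

```cisco
! Added example: site A Cisco router, reconstructed from the captions.
! Assumed (not confirmed by the page): object names, sequence number 10,
! interface GigabitEthernet1/0, lifetime 86400, key value 123.
!
! Step 1 - ISAKMP (phase 1) policy. Every value here must be identical
! in the Checkpoint VPN community's encryption settings.
crypto isakmp policy 1
 encryption 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
!
! Step 2 - pre-shared key for the Checkpoint peer (same secret on both sides).
crypto isakmp key 123 address 4.2.2.2
!
! Step 3 - traffic to protect: site A LAN to site B LAN.
! The Checkpoint VPN domains must describe the same two networks.
ip access-list extended IPSEC-ACL
 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
!
! Step 4 - IPsec (phase 2) transform set: ESP with 3DES and MD5.
crypto ipsec transform-set ROUTER-TO-CP esp-3des esp-md5-hmac
!
! Step 5 - crypto map tying peer, transform set and ACL together.
crypto map CMAP 10 ipsec-isakmp
 set peer 4.2.2.2
 set transform-set ROUTER-TO-CP
 match address IPSEC-ACL
!
! Step 6 - apply the crypto map on the outside (ISP-facing) interface.
interface GigabitEthernet1/0
 crypto map CMAP
!
! Verification after sending traffic between the two LANs:
!   show crypto isakmp sa   (phase 1 SA state)
!   show crypto ipsec sa    (phase 2 SAs, encrypt/decrypt packet counters)
!
! 3DES, MD5 and DH group 2 are legacy algorithms; whichever set is used,
! it has to be changed on the router and the Checkpoint community together.
```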
Info
Channel: TechNet Guide
Views: 156
Keywords: how to, ipsec vpn, ipsec vpn configuration, site to site vpn configuration, checkpoint firewall, ipsec vpn configuration between checkpoint firewall and cisco router., router and checkpoint firewall, ipsec vpn configuration between, checkpoint firewall and router, cisco router, how to configure ipsec vpn, cisco site to site vpn configuration step by step, step by step, ipsec, vpn, Site to Site IPSec VPN
Id: gghiIodvU6s
Length: 15min 16sec (916 seconds)
Published: Thu Nov 25 2021