_444x112.jpg)
|
|
KnowledgebaseCheck Point with ZyWALL VPN Tunneling
Problem:Check Point with ZyWALL VPN Tunneling
|
| ZyWALL | Check Point |
| WAN: 172.22.1.236 LAN: 192.168.1.0/24 |
WAN: 172.22.2.58 LAN: 192.168.2.0/24 |
1. Setup ZyWALL VPN
- Using a web browser, login ZyWALL by giving the LAN IP address of ZyWALL in URL field. Default LAN IP is 192.168.1.1, default password to login web configurator is 1234.
- Go to SECURITY->VPN->Press Add button
- Give a name for your policy, for example ¡§ToCheckPoint¡¨
- My IP Addr is the WAN IP of ZyWALL. In this example, you should type 172.22.1.236 IP address on My ZyWALL text box.
- Secure Gateway IP Addr is the remote PC¡¦s IP address. In this example, you should type 172.22.2.58 IP address on Remote Gateway text box.
- In Authentication Key, enter the key string 12345678 in the Pre-Shared Key text box.
- Select Negotiation Mode to Main mode, Encryption Algorithm to DES, Authentication Algorithm to MD5, Key Group to DH1, and then press Apply button on this page.
- After you press the Apply button, you will see an IKE rule on this page, press L/R button to edit your
- Check Active check box and give a name to this policy.
- On Gateway Policy Information, you should choose ToCheckPoint IKE policy for your IPSec rule.
- On Local Network, choose Subnet Address for your Address Type. Starting IP Address and Ending IP Address/Subnet are your local site LAN IP addresses. In this example, you should type 192.168.1.0 on Starting IP Address field and then type 255.255.255.0 on Ending IP Address/Subnet field.
- On Remote Network, choose Subnet Address for your Address Type. Starting IP Address and Ending IP Address/Subnet are your remote site LAN IP addresses. In this example, you should type 192.168.2.0 on Starting IP Address field and then type 255.255.255.0 on Ending IP Address/Subnet field.
- On IPSec Proposal, select Encapsulation Mode to Tunnel, Active Protocol to ESP, Encryption Algorithm to DES and Authentication Algorithm to SHA1, and then press Apply button on this page.
- After you press the Apply button, you will see the following page.
2. Setup CheckPoint VPN
I. Setup Network Objects
1. on your PC, clicking Start->Programmer->Check Point SmartConsole R60 -> SmartDashboard
2. Enter your user name and password, then press OK button to use your Check Point.
3. On Network Objects, you must see a default check point object here. For this example, my default check point object is twsrv12191, double click the object to check its settings.
4. Before you did the settings, you should make sure that your object is a Check Point Gateway.(not a Check Point Host)
5. If your check point object is a Check Point Host, select your object and click the right button on your mouse, then choose Convert To Gateway to change its settings.
6. On General Properties, the IP Addrrss field is the WAN IP of your PC. In this example, you should type 172.22.2.58 IP address on the text box. On Check Point Products settings, check VPN check box here.
7. On Topology settings, you should see two interfaces of IP settings here if your PC has two network cards.
8. Selecting 172.22.2.58 interface, and press Edit button to check its settings. Clicking Topology screen, choose External (leads out to the internet) for the interface. Then, press OK button to save the settings.
9. Selecting 192.168.2.0 interface, and press Edit button to check its settings. Clicking Topology screen, choose Internal (leads to the local network) and Network defined by the interface IP and Net Mask for the interface, then press OK button to save the settings.
II. Setup Interoperable Device
10. On the main menu, click Manage -> Network Objects.
11. You will see the network objects window, press new button and select Interoperable Device.
12. On General Properties settings, give a name and an IP address for the Interoperable Device. In this example, the IP address is ZyWALL¡¦s WAN IP address.
13. On Topology settings, pressing Add button to add a new interface.
14. Giving a name for the interface, and assign the IP address/ subnet mask for the interface. In this example, you should assign ZyWALL¡¦s WAN port settings.
15. Clicking Topology screen, and choose External (leads out to the internet) for the interface. Then, press OK button to save the settings.
16. Pressing Add button to add another interface.
17. Giving a name for the interface, and assign the IP address/ subnet mask for the interface. In this example, you should assign ZyWALL¡¦s LAN port settings.
18. Clicking Topology screen, choose Internal (leads to the local network) and Network defined by the interface IP and Net Mask for the interface, then press OK button to save the settings.
19. Pressing OK button to save the settings.
III. Setup Networks
20. Selecting Networks object and click the right button of your mouse, and choose New Network.
21. Give a name for your network policy, and set the network IP address to 192.168.1.0/24. Then, press OK button to save the settings.
22. To add another network policy, and set the network IP address 192.168.2.0/24. Then, press OK button to save the settings.
IV. Setup VPN Communities
23. Click VPN communities tab to do the
settings.
24. On VPN communities, click New -> Site To Site -> Star
25. On General settings, giving a name for your VPN communities. For example, CheckPoint_ZyWALL.
26. On Center Gateways settings, press Add button to add a center gateway.
27. If you have already done the previous settings, you should see a central gateway here. Select the gateway, and then press OK button.
28. On Satellite Gateways settings, press Add button to add a remote gateway.
29. If you have already done the previous settings, you should see a remote gateway here. Select the gateway, and then press OK button.
30. On VPN Properties settings, select Encryption Algorithm to DES, Authentication Algorithm to MD5 on phase 1, and also select Encryption Algorithm to DES, Authentication Algorithm to SHA1 on phase 2.
31. On Tunnel Management, leave the settings to default settings.
32. On VPN routing settings, choose To center, or through the center to other satellites, to internet and other VPN targets option.
33. On Shared Secret settings, choose ToZyWALL option, and press Edit button
34. Enter the secret key in the text box, and then press OK button.
35. On Advanced VPN Properties settings, choose Group 1 for Diffie-Hellman settings.
36. Press OK button to save your settings.
37. After you press OK button, you should see a new object here.
IV. Setup Security
38. Click Security tab on the right side to do the security settings.
39. Press Add button to add a rule.
40. On the default rule, select the source field, and click right button of your mouse, and then choose Add¡K option to add your network objects.
41. Choosing Net_192.168.1.0 network object, and press OK button to save your settings.
42. To use the same way to add another network object (Net_192.168.2.0) on the source field.
43. On the destination field, please use the same way to add your network objects: Net_192.168.1.0 and Net_192.168.2.0.
44. On the VPN field, click right button of your mouse, and choose Edit Cell¡K option to add your VPN communities.
45. On VPN Match Conditions, choose Only connections encrypted in specific VPN Communities option, and press Add button to add community to your rule.
46. Choosing CheckPoint_ZyWALL object for your rule, and press OK button.
47. Clicking OK button to save your settings.
48. On action field, click right button of your mouse, and choose accept option for your rule.
49. On the track field, click right button of your mouse, and choose Log option for your rule.
50. If you finished the settings, you should see a rule as below.
51. Pressing add button to add another rule which could drop packets if it doesn¡¦t match your VPN rule.
V. Install Policy
52. On your main menu, click Policy -> Install.. option to Install your policy.
53. Selecting your policy rule, and press OK button to install the policy.
54. Waiting few seconds for the installation.
55. If you install the policy successfully, your VPN tunnel should work normally with your ZyWALL.
|
|