site to site ipsec between F5 and CHECKPOINT

Question

i went to configure site to site IPSEC VPN between BIG IP and checkpoint firewall please help me and share document&nbsp;

psilva · Answer

This might help:&nbsp;
Configuring IPsec between a BIG-IP System and a Third-Party Device&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-4-0/19.html&nbsp;
and&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ipsec-interop-matrix.html&nbsp;
ps&nbsp;

niels_van_sluis · Answer

I can confirm that it's possible to create an IPSEC tunnel between a F5-BIG-IP and a Check Point firewall. I've been testing this in my lab with R80.10 and it's working. I've noticed that it is key to use PFS in Phase 2. Without PFS in Phase 2 it didn't work. Here are some settings I tried:
Phase 1:
SHA-1/AES-128 + DH Group 2 works!
SHA-256/AES-256 + DH Group 2 works!

Phase 2:
SHA-1/3DES + MODP1024 works!
SHA-1/AES-128 + MODP1024 works!
SHA-1/AES-256 + MODP1024 works! 
SHA-256/AES-256 + MODP1024 works!

Forum Discussion

site to site ipsec between F5 and CHECKPOINT

Recent Discussions

NetScaler to F5 Migration

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Related Content

Integrating SSL Orchestrator with CheckPoint Firewall VM-Explicit Proxy

Understanding IPSec IKEv2 negotiation on Wireshark

Understanding IPSec IKEv1 negotiation on Wireshark

Integrating SSL Orchestrator with CheckPoint Firewall VM-Bridge Mode (L2)

Integrating SSL Orchestrator with CheckPoint Firewall VM-Transparent Proxy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS