[Openswan Users] Accessing a checkpoint NGX VPN server

Mike Peters mike.peters at opengi.co.uk
Mon Sep 24 04:44:23 EDT 2007 

On Fri, 2007-09-21 at 21:33 -0700, Graham Smith wrote:
> Hi
> 
> I'm stumped as to how vpn in to checkpoint NGX. I'm runinng ubuntu 7.04. 
> I kow the vpn server Ip address, the gateway and my password. How do I 
> configure this in ipsec.conf ?
> 
The following is my working config, where a.b.c.d is my OpenS/WAN
gateway and w.x.y.z is the Checkpoint gateway.

The password goes into /etc/ipsec.secrets:
        w.x.y.z  a.b.c.d : "secret"

My ipsec.conf is as follows:
        config setup
           nat_traversal=yes
           interfaces=%defaultroute
           plutowait=yes
        
        ## Gateway-to-gateway: Check Point <-> OpenS/WAN
        conn fw1-openswan
          type=tunnel
          # Left side is Checkpoint
          left=w.x.y.z
          leftnexthop=%defaultroute
          leftsubnet=192.168.8.0/24
          # Right side is OpenS/WAN
          right=a.b.c.d
          rightnexthop=%defaultroute
          rightsubnet=192.168.134.0/24
          keyexchange=ike
          auth=esp
          pfs=yes
          auto=start
          authby=secret
        
        conn net-fw1-net-openswan
          type=tunnel
          left=w.x.y.z
          leftnexthop=%defaultroute
          leftsubnet=192.168.8.0/24
          right=a.b.c.d
          rightnexthop=%defaultroute
          rightsubnet=192.168.134.0/24
          keyexchange=ike
          auth=esp
          pfs=yes
          auto=start
          authby=secret

-- 
Mike Peters
Open G I Limited
www.opengi.co.uk

Please consider the environment before printing this e-mail

"This message is intended for the named recipient only and may be privileged and/or confidential. If you are not
the intended or named recipient or have received this email in error then you should not copy forward or disclose
it to any other persons. If you have received this email in error you should destroy it and contact the sender so
that we may take appropriate action. The views and opinions expressed in this email may not represent the views
and opinions of Open International Limited or any of its subsidiaries and are made without prejudice and subject
to contract. The Company Reserves the right to intercept and review all email communications."

Open International Limited. Registered Office: Buckholt Drive, Warndon, Worcester, WR4 9SR.
Registered in England. Registered No: 05716519

More information about the Users mailing list