I need to connect using IPsec.
I have a MikroTik IPsec with a Check Point FW.
These are the parameters for the Check Point FW:
Phase 1
Authentication Method: Pre-shared Key (to be defined by phone)
Encryption Scheme: IKE
Diffie-Hellman Group: Group2 – 1024 bit
Encryption Algorithm: 3DES
Hashing Algorithm: SHA1
Main or Aggressive Mode: Main
Lifetime (for renegotiation): 1440 min
Phase 2
Encapsulation (ESP or AH): ESP
Encryption Algorithm: 3DES
Authentication Algorithm: SHA1
Perfect Forward Secrecy: NO PFS
Lifetime (for renegotiation): 3600 sec
Lifesize in KB (for renegotiation): n/a
Key Exchange For Subnets? Yes
fewi
February 8, 2010, 6:42pm
2
Something like this:
/ip ipsec proposal
add name=checkpoint auth-algorithms=sha1 enc-algorithms=3des lifetime=3600s pfs-group=none
/ip ipsec policy
add ipsec-protocols=esp proposal=checkpoint sa-dst-address=[remote peer IP] sa-src-address=[local peer IP] dst-address=[remote protected network]:any src-address=[local protected network]:any level=require action=encrypt protocol=all
/ip ipsec peer
add address=[remote peer IP]:500 dh-group=modp1024 enc-algorithm=3des exchange-mode=main generate-policy=no hash-algorithm=sha1 lifetime=1440m auth-method=pre-shared-key secret=mySharedKey
You’re not stating what your authentication method is, the peer above assumes PSK. You’re also not stating what traffic to protect, the above assumes all IP traffic.
http://wiki.mikrotik.com/wiki/IPsec for details
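Added example, not part of the original posts and not MikroTik or Check Point tooling: a small Python check that parses RouterOS `/ip ipsec` commands like the ones in the reply above and reports every setting that differs from the parameter sheet in the first post. The names `EXPECTED`, `SAMPLE`, `parse`, `seconds` and `mismatches` are hypothetical, and the sample text is constructed from the reply with its placeholders left in; one `add` line per menu is assumed.

```python
import re

# Agreed values from the parameter sheet in the first post, written as RouterOS
# values (Group2 = modp1024, 1440 min = 1440m, NO PFS = pfs-group=none).
EXPECTED = {
    "peer": {"dh-group": "modp1024", "enc-algorithm": "3des", "hash-algorithm": "sha1",
             "exchange-mode": "main", "lifetime": "1440m", "auth-method": "pre-shared-key"},
    "proposal": {"auth-algorithms": "sha1", "enc-algorithms": "3des",
                 "lifetime": "3600s", "pfs-group": "none"},
    "policy": {"ipsec-protocols": "esp"},
}
# Constructed sample: the reply's commands (policy line shortened), placeholders kept.
SAMPLE = """\
/ip ipsec proposal
add name=checkpoint auth-algorithms=sha1 enc-algorithms=3des lifetime=3600s pfs-group=none
/ip ipsec policy
add ipsec-protocols=esp proposal=checkpoint sa-dst-address=[remote peer IP] level=require
/ip ipsec peer
add address=[remote peer IP]:500 dh-group=modp1024 enc-algorithm=3des exchange-mode=main hash-algorithm=sha1 lifetime=1440m auth-method=pre-shared-key
"""
PAIR = re.compile(r"([\w-]+)=(\[[^\]]*\]\S*|\S+)")  # value may be a [bracketed placeholder]
UNIT = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def seconds(value):
    # Convert a simple lifetime such as 1440m, 1d or 3600s to seconds (None if other form).
    m = re.fullmatch(r"(\d+)([smhd])", value)
    return int(m.group(1)) * UNIT[m.group(2)] if m else None

def parse(config):
    # Return {menu: {key: value}} for the 'add' line under each '/ip ipsec <menu>'.
    menus, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("/ip ipsec "):
            current = line.split()[-1]
        elif line.startswith("add ") and current:
            menus.setdefault(current, {}).update(PAIR.findall(line))
    return menus

def mismatches(config):
    # List (menu, key, expected, found) for every setting that differs from the sheet.
    found, out = parse(config), []
    for menu, want in EXPECTED.items():
        for key, exp in want.items():
            got = found.get(menu, {}).get(key)
            same = got == exp or (key == "lifetime" and got and seconds(got) == seconds(exp))
            if not same:
                out.append((menu, key, exp, got))
    return out
```

`mismatches(SAMPLE)` returns an empty list; a lifetime written in a different unit (`1d` for `1440m`) is treated as equal, while a missing key is reported with `None` as the found value.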
dyazev
June 17, 2013, 6:29am
3
Any results? Has anyone done IPsec between Check Point and MikroTik? Is it real?
Did any of you get this resolved?
I make site-to-site IPsec from a RB1100AHx2 to a checkpoint RX60
Thank you.