User`s guide

Page 26 of 30 Rel. 3.5 Release Notes

Inter-operability with Third-Party VPN Gateways Release Notes

Release 3.5 Enhanced Support for VPN Clients

4. Enter a Network Object for the ANG-1102 Private Address. Select Manage >

Network objects > New (or Edit) >.

– Enter the name of the Network Object (reference only).

– Enter the Private Address/Mask of the ANG-1102 network.

(192.168.1.0/24).

– Set the location = External.

5. Enter a Network Object for the ANG-1102. Select Manage > Network objects

> New > Workstation.

– Enter the Gateway Tunnel Endpoint of the ANG-1102 (146.115.206.68)

– Set the Location = External, Type = Gateway.

NOTE

Do not select the VPN-1/FireWall-1 check box.

6. Configure the IKE properties for the Phase I Connection. Select Manage >

Network objects > Edit to edit the Checkpoint gateway endpoint created in

Step 3.

– Select the VPN tab.

– Select Other, under Domain.

– Select the inside of the Checkpoint network name (Step 2) from the drop-

down list.

– Select IKE under Encryption schemes defined and then click Edit.

– Change the IKE properties to 3DES encryption.

– Change the IKE properties to SHA1 hashing.

NOTE

The ANG-1102 supports 3DES/SHA1 and 3DES/MD5 & PFS Group 2 for a Phase

I connection.

– Change the following settings:

- De-select Aggressive Mode.

- Select the Supports Subnets check box.

- Select the Pre-Shared Secret check box.

- Click Edit Secrets to set the pre-shared key to what was set on the

ANG-1102.

7. Repeat the Process for the ANG-1102 connection created in Step 5.

8. Create a Rule for the Source and Destination. Policy > Add Rule.

– Select the Source and Destination to be the Private Address objects

created with Step 2 and Step 4, make the Bidirectional).

– Set Service = ANY, Action = Encrypt, Track = Long.