Check Point VPN-1/FireWall-1

Connecting to other Products with VPN

AERAsec Network Services and Security GmbH

Sometimes it's heard, that building a VPN between Check Point VPN-1 and other products is difficult. Yes, if the administrators don't exchange basic information like protocols, encryption and hash algorithms as well as other parameters, it's quite impossible.
But if the necessary information is provided, it works in most cases...

So here are some links for building VPN's to other VPN endpoints as from Check Point.

Connecting a VPN from Check Point VPN-1 to...

Astaro A VPN between Astaro Security Linux V4 and Check Point NG FP3 in Tradtional Mode using X.509 certificates is described by Andreas Mertz and Kurt Knochner on 45 pages.

Hints for configuring a VPN between a Bintec Router and a VPN-1 4.1 on Nokia have been published by Bintec. AERAsec has published hints for configuring a VPN between a BinTec IPsec enabled router and VPN-1 Pro NG AI.

Cisco PIX

Cisco (PDF) and Check Point provide a step-by-step how-to connect Check Point 4.1. A sample configuration written by Inti Shah can be found at Phoneboy's.
Connecting Cisco PIX 6.2.1 with Check Point NG is described by Cisco (PDF). Another document about this topic is available from Cisco .

Cisco Router

For a VPN to a router some information is provided by Cisco (PDF) and by Check Point using version 4.1. A VPN from VPN-1 4.1 to Cisco VPN 3000 Concentrator (PDF) and Cisco VPN 5000 Concentrator (PDF) has been published by Cisco.
Phoneboy has also published a document by Axel Hoffman about configuring a Cisco 1720.
Obiwankenobi has published how to build a VPN deploying manual IPSec from Check Point to Cisco 1605 (no more supported by Check Point now).
A document describing how to build a VPN between Cisco PIX 501 - Cisco 806 Router with Check Point Next Generation NG FP3 has been published here.
Cisco provides information how to build up a VPN between Check Point NG and a Cisco VPN Router 1751 (PDF). They have also published a document how to set up a VPN between Cisco VPN 3000 Concentrator and NG (PDF).

DrayTek DSL Router How to build a VPN between a DrayTek DSL router and a Check Point VPN-1 4.1 is described by Hans de Jong here. For authentication a shared secret is used.

How to build an IKE VPN with pre-shared secrets between Check Point 4.1 on Debian and FreeBSD with Racoon has been published by Neil Camara (local copy), including hints for firewall-rules. You can download this paper from Obiwankenobi's site also.


A step-by-step NG FP2 documentation VPN with FreeS/WAN published by AERAsec. Connecting VPN-1 4.1 and Linux is also described by Check Point.

NAI Gauntlet Firewall

Phoneboy has published documents by Junaid Syed and Andrew Caird & Kip Cranford describing a VPN between Gauntlet 5.x and Check Point VPN-1 4.1.


A document hosted by The Shmoo Group describes the configuration for a VPN between Check Point VPN-1 4.x and PGP Version 6.5.1. Additionally, Phoneboy hosts a document how to connect PGP Version 7.0 with Check Point VPN-1 4.x deploying an Entrust PKI.

NetScreen 5XP

Check Point has published a document how to set up a VPN using IKE and preshared secrets between Next Generation FP1 and Netscreen with ScreenOS 3.0.

Nortel Contivity How to configure a VPN between a Check Point VPN-1 4.1 and a Nortel Contivity 600 Switch has been described by Check Point.
Raptor Firewall

Information about building a VPN between Raptor and Check Point 4.1 by Obiwankenobi.

Racoon under Linux

A 'work in progress' document by AERAsec describes in its first version the support matrix for a VPN between Check Point NG AI and Racoon under Linux.


Good information provided by SonicWALL for IKE VPN to Check Point 4.1 and NG.

StoneSoft How to set up a clustered VPN between StoneGate 2.0 and Check Point NG FP3 using Simplified Mode and an IKE pre-shared secret is described by StoneSoft.

This manufacturer gives information how to set up a VPN from Check Point to SOHO and Firebox II. A VPN between NG FP2 and Firebox II 6.0 is described by Cossy Cosmas.


ZyXEL provides some documents how to configure VPNs to Check Point VPN-1. They are about ZyWALL 1, ZyWALL 2/2WE, ZyWALL 5, ZyWALL 10/50/100, ZyWALL 35, and ZyWALL 70.


We are not responsible for the content shown when following these links above.

No warranty at all, your Feedback is welcome!
© 2002-2013 AERAsec Network Services and Security GmbH, last change 2004-09-07
back to