Checkpoint VPN to Prestige Tunneling

  1. Setup Prestige
  2. Setup Checkpoint VPN

Note: Not all ZyXEL Prestige models provide VPN functionality. Please check the User's Manual on the packaged CD-ROM.


This page explains how to set up a VPN connection between a Checkpoint VPN and a Prestige router.

As shown in the figure below, the tunnel between the Prestige and the Checkpoint secures the packets that flow between them, because packets going through the IPSec tunnel are encrypted. The settings required on the software and on the Prestige to set up this VPN tunnel are explained in the following sections.

  The IP addresses we use in this example are as shown below.

  LAN 1             Checkpoint      Prestige         LAN 2
  172.16.16.0/24    62.2.237.177    217.20.195.73    192.168.99.0/24


1. Setup Prestige

 Remove the default filter rule from Menu 3.1.

 Edit the LAN segment of Prestige10. In this example, we set up Prestige10 as a DHCP server, and its LAN IP address is 192.168.99.1.

 Edit the Internet Access settings of Prestige10.

 In SMT menu 27, create a VPN rule like the following.




2. Setup Checkpoint VPN  

Creating Network objects.

Click on New/Network and define the LAN segment of the Prestige. Select Location as External.

(Note: Internal and External refer to whether this network is protected behind the Checkpoint or not.)

Define the LAN segment of the Checkpoint. Select Location as Internal.

If more than one network needs to use the VPN tunnel, you can merge the networks into one group.

Creating VPN Objects  

Define the Prestige box as a tunnel endpoint. (Name: SOHO_TEST)

Select the VPN tab to define the protected domain of ZW and the encryption schemes used by the tunnel.

 

Define the Checkpoint box as a tunnel endpoint.

Select the VPN tab to define the protected domain of the Checkpoint and the encryption schemes used by the tunnel.

Choose IKE and press Edit... to edit the Phase 1 parameters and the pre-shared key.

To edit the pre-shared key, select Pre-Shared Secret under Authentication Method, then press Edit Secrets...

Select SOHO_TEST as the peer, and enter the pre-shared key.

Define VPN policy.

Create a new rule at or near the top of the policy. This rule should include both encryption domains as both source and destination, and the action should be Encrypt, as shown below.

Double-click the "encrypt" action to edit the encryption properties. Select IKE as the form of encryption, then click Edit and select the Phase 2 parameters.