Community Home > Discuss > Technology > Wired Intelligent Edge (Campus Switching and Routi... > Re: MAS vpn to firewall?

Wired Intelligent Edge (Campus Switching and Routing)

Reply
MVP
MVP
Michael_Clarke

MAS vpn to firewall?

‎12-23-2014 04:41 AM

Does the MAS support setting up a VPN to a third-party firewall like a checkpoint?

 

It will be used for management only, and not client traffic.

 

I see mentioned a lot about a VPN to a controller, but nothing about terminating on a firewall.

 

Thanks


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Alert a Moderator
Message 1 of 7
2,992 Views
Reply
0 Kudos
Valued Contributor II
dhanraj_puduchery@yahoo.com

Re: MAS vpn to firewall?

‎12-23-2014 06:01 AM

Hi,

 

I believe we can configure VPN from MAS to a third party firewall.

 

But I'm not sure about the limitations :)

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Alert a Moderator
Message 2 of 7
2,963 Views
Reply
0 Kudos
Aruba
Aruba
madjali

Re: MAS vpn to firewall?

‎12-23-2014 07:14 AM

Michael,

We have previously done VPN testing against products from Juniper, Fortinet, Cisco and Strongswan. I can't say with 100% certainty that it will work with Checkpoint but we haven't done anything in code to prevent interoperability with 3rd parties.

 

Best regards,

 

Madani

Alert a Moderator
Message 3 of 7
2,954 Views
Reply
MVP
MVP
Michael_Clarke

Re: MAS vpn to firewall?

‎12-23-2014 07:33 AM

Excellent.  Good to know.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Alert a Moderator
Message 4 of 7
2,949 Views
Reply
0 Kudos
MVP
MVP
Michael_Clarke

Re: MAS vpn to firewall?

‎05-13-2015 12:39 AM

I have managed to get this to work with a Checkpoint firewall.  It took a bit of fiddling about to ensure the settings matched that of the Checkpoint.  In the end I think what made it spring into life was that I created a custom isakmp policy.

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Alert a Moderator
Message 5 of 7
2,699 Views
Reply
MVP
MVP
Michael_Clarke

Re: MAS vpn to firewall?

‎05-29-2015 12:37 PM

Well I seem to have spoken too soon.  It appears to be up and working but we can't reach anything through the tunnel.  The Checkpoint is showing encryption errors and keeps trying to reform the sa.

 

Just for a laugh I tried to setup the vpn to an Aruba controller to test and I can't seem to get this to work either.  It all appears fine and I see the association in 'show crypto ipsec sa' on both ends.  Strangely on the controller nothing shows in 'show datapath tunnel table'.

 

TAC are looking at it now as well, but so far they can't see why it isn't working.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Alert a Moderator
Message 6 of 7
2,640 Views
Reply
0 Kudos
Highlighted
MVP
MVP
Michael_Clarke

Re: MAS vpn to firewall?

‎07-10-2015 03:27 AM

Have been working on this with TAC for a while now and we got lucky today.

The controller was complaining that it did not have the ISA-PSK for that host.  It was certainly there if we did a 'show crypto isakmp key'

 

It wasn't until we went in via the GUI, edited the ipsec-map and added the key here, it all worked.

airheads-ipsec key.jpg

I might get back round to looking at the Checkpoint again one day.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Alert a Moderator
Message 7 of 7
2,503 Views
Reply
0 Kudos
Search Airheads
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

© Copyright 2019 Hewlett Packard Enterprise Development LP
All Rights Reserved.
Powered by Lithium