Configuring Advanced Site to Site Settings
R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide|354
The purpose of the IKEv2 ID Type exchanged during the IKEv2 Main Mode (MM) negotiation
(Packet 5 and Packet 6) is to provide an ID, based on which the remote peer searches for the
local peer in its database.
The ID Type is not necessary for IKEv2 Main Mode (MM) negotiation between Check Point
Security Gateways. However, it is necessary for most 3rd-party VPN gateways. It is important
to make sure both sides authenticate using the same ID Type and ID values.
Quantum Spark gateways can configure the IKEv2 ID Type as one of these:
- An FQDN (this is the default).
- An IP address (determined dynamically, based on the OS routing) - in R81.10.10 and higher.
To see the current configuration:
1. Connect to the command line on the Quantum Spark appliance.
2. Log in.
3. If your default shell is Gaia Clish, then go to the Expert mode:
expert
4. Examine the value of the Registry parameter:
ckp_regedit -p SOFTWARE\\CheckPoint\\VPN1 | grep BestRoutingSenderIP
Explanation:
- If the output shows the value "False", then the Quantum Spark gateway configures IKEv2 ID Type to an FQDN.
- If the output shows the value "True", then the Quantum Spark gateway configures IKEv2 ID Type to its IP address.
To configure IKEv2 ID Type to an FQDN:
Important - Schedule a maintenance window.
1. Connect to the command line on the Quantum Spark appliance.
2. Log in.