I configured SafeNet SoftRemote 8.0 VPN client on a PC with static IP address to connect to a Check Point VPN-1 v4.1 Gateway successfully. To this end, both a pre-shared secret and the pc IP address had to be specified in the Check Point gateway. I wonder if it is possible to configure the Check Point Gateway so that it can accept SoftRemote connections from PCs with dynamic IP addresses. If so how can that be done? I know that is possible in other VPN gateways by specifying a "group pre-shared secret" for the IP address 0.0.0.0, so that all VPN clients use the same secret, something I haven't been able to do on the Check Point gateway.
Thanks in advance,
I checked with my friends at SafeNet to see if they had set up this configuration before, but they had not. They are pretty confident that this could be done. Alternatively, you might try the native Check Point client. Sorry I couldn't provide more advice than this.
In general, I would caution against the use of group shared-secrets as they create a pretty significant security hole. (Actually, I don't like the use of shared secrets in general.) The problem is that, if you compromise one secret, you compromise the entire group. With static IP addresses, you have another layer of security, but with dynamic addresses you forfeit this. If you decide to use shared-secrets or group shared-secrets, make sure to change them frequently to avoid real security problems.
Dig Deeper on Network Infrastructure
Related Q&A from Mark Tuomenoksa
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.