Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
603
Views
0
Helpful
3
Replies

CheckPoint SecureRemote client through PIX firewall

daniel.kline
Level 1
Level 1

‎10-13-2005 05:36 AM - edited ‎02-21-2020 12:27 AM

I have encountered an issue with a CheckPoint SecureRemote VPN client running through a PIX-515e firewall. The client appears to connect, and traffic seems to be getting to the CheckPoint firewall, but the client does not receive any responses. The CheckPoint administrator says he can see traffic arriving at the firewall, but no responses coming back. I have asked him to verify that his firewall and routing configurations are correct on his network.

This has worked in the past, but was not used for several months, and now does not work. Nothing apperas to have changed in the PIX configuration, and the CheckPoint adminstrator says that nothing has changed on their end either.

I set up a static NAT on the PIX for the CheckPoint client machine and NAT-T is enabled.

I make IPSEC VPN connections to PIX firewalls from various locations on the Internet through various firewalls and have not encountered this sort of problem before. Any suggestions would be appreciated.

Regards,

dk

0 Helpful
3 Replies 3

mchin345
Level 6
Level 6

‎10-19-2005 12:55 PM

If you have enabled NAT-T, make sure you have opened the PIX access-list to pass UDP/4500 traffic.

0 Helpful

Patrick Iseli
Level 7
Level 7
In response to mchin345

‎10-19-2005 03:26 PM

Stupied question have you reinstalled allready the CheckPoint VPN Client. All VPN clients get into troubles when you install new patches and software that touches the TCP/IP stack.

sincerely

Patrick

0 Helpful

daniel.kline
Level 1
Level 1
In response to Patrick Iseli

‎10-19-2005 05:48 PM

Thank you for the responses. I have enabled NAT-T, but I have not opened UDP port 4500: I will give this a try. The VPN client and PIX firewall are remote to me (in Florida), but the person at the Florida location said he has reinstalled the SecureRemote client. The Checkpoint firewall is at yet another remote location in the Mid-West. The local firewall administrator is certain that it is not the Checkpoint firewall or network on his end causing the problem. We are going to try to attach the PC outside of the PIX firewall to see if the issue goes away. Even if it does resolve the problem, it doesn't answer the question of why it doesn't work behind the firewall, and we can't leave the PC outside of the firewall permanently.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card