
CheckPoint tunnel through PIX

vanagon2tdi
Level 1

I have a client that sits on the inside of my PIX, and is trying to pass a proprietary Checkpoint tunnel through my PIX to his office with another Checkpoint there. He uses port 18192 and has a Checkpoint NGAI on both sides.

I have set up a static NAT for him (his address to his address) and opened up the access to allow any to his address.

He is unable to establish the connection, but has no trouble pinging or telnetting to his device.

Any ideas?

1 Reply

bforan
Level 1

When you say you have allowed "any", how did you do that? If you did this by allowing IP, then you may need to also allow ESP or AH, depending on the connection type and protocols in use by the Checkpoint client.

Probably ESP will be needed, which is protocol 50.

Which direction did you allow the traffic?

ICMP and telnet will pass if you allow IP.

As a troubleshooting step, you can also debug the firewall's outside interface and see what type of traffic is coming and going to/from the client and the other end.

Let me know if this helps.
