02-11-2006 05:07 AM
Hi All.
We have a PIX natting our LAN to the Internet (1 public IP address only).
There's also a VPN lan-to-lan to a second site, and from our LAN we can use the Cisco VPN client to connect to several other remote sites.
The problem arises using the Checkpoint VPN client ("visitor" mode) to connect to a remote site protected by a Checkpoint fw. I installed it on a laptop, and if I dial-in onto the Internet I do connect to that remote site without problems, but if I'm inside our LAN, traffic gets stopped somewhere.
I suspect that the ISAKMP traffic gets "captured" by the lan-to-lan tunnel. Could it be the case?
Any hints?
Regs
02-16-2006 06:58 AM
It's not quite clear to me what you meant by "ISAKMP traffic gets "captured" by the lan-to-lan tunnel". Does this traffic traverse through PIX? If yes, check the PIX to see if your NAT commands allow this traffic to go from inside to outside.
02-17-2006 01:07 AM
As per the security standard for remote clients, split tunnel is disabled on the Checkpoint VPN gateway or VPN client. This might block your LAN traffic. Enabling split tunnel will help you to solve the problem.
02-19-2006 07:13 PM
My understanding is CheckPoint visitor mode uses TCP 443. Check if TCP 443 is allowed through your PIX. If you use a proxy server, set the proxy setting in Visitor mode.
CheckPoint VPN client has a good tool "srfwmon.exe". Try srfwmon to monitor traffic in and out of the client PC.