09-21-2004 02:41 PM
Hi all - I have a problem that sounds so simple, yet it is giving me even more gray hair!! I am trying to connect to a Checkpoint device using the Checkpoint VPN SecuRemote client. I am behind a PIX firewall. I have opened up all of the obvious on the PIX - ESP, AH, IKE, etc. - and have even experimented with opening all IP, TCP, and UDP ports, but I still can't connect. I know that my notebook is configured correctly, because I can connect through a dial-up ISP without a problem. If anyone can help it would be greatly appreciated!!!!!
09-28-2004 10:34 AM
Are you using NAT Traversal on the PIX? There could be some issues because of it. Does the PIX show a deny for a connection with protocol 94?
09-30-2004 11:08 AM
First of all, thank you so much for trying to help!!!
I do get a deny for connection with protocol 94. I get this with nat traversal enabled and disabled.
09-30-2004 04:28 PM
That's a known NAT issue; try the new Visitor Mode, which uses HTTPS tunneling. The problem might be solved in R55 in Office Mode, but I have not tested it.
Problem:
sk23738
The information in this article applies to:
# SecuRemote NG with Application Intelligence R54
# Office Mode
# NAT device
Encryption and key exchange fails when connecting from a NAT device whose IP belongs to internal routed networks on the firewall module
Sincerely
Patrick
10-04-2004 09:54 AM
Thank you Patrick. Unfortunately, I don't have any control over the SecureRemote device (It is at a hospital, and my clients are physicians trying to access the hospital network).
10-04-2004 11:24 AM
The problem is not on the Secure Client; it is on the Check Point firewall. If you enable the Visitor Mode option on your VPN-1 Firewall, it will work for your customer to connect.
Sincerely
Patrick
10-05-2004 05:46 AM
Thanks again Patrick. I misstated in my last post - it is the firewall that I do not control. Do you happen to know if I will have the same problem connecting to a Nortel firewall/VPN device? This same physician wants to connect to another hospital that uses Nortel hardware.