09-21-2004 02:41 PM
Hi all - I have a problem that sounds so simple, yet it is giving me even more gray hair!! I am trying to connect to a Checkpoint device using the Checkpoint VPN SecuRemote client. I am behind a PIX firewall. I have opened up all of the obvious on the PIX - ESP, AH, IKE, etc. and have even experimented with opening all IP, TCP, and UDP ports, but I still can't connect. I know that my notebook is configured correctly, because I can connect through a dial-up ISP without a problem. If anyone can help it would be greatly appreciated!!!!!
09-28-2004 10:34 AM
Are you using NAT Traversal on the PIX? There could be some issues because of it. Does the PIX show a deny for a connection with protocol 94?
09-30-2004 11:08 AM
First of all, thank you so much for trying to help!!!
I do get a deny for connection with protocol 94. I get this with nat traversal enabled and disabled.
09-30-2004 04:28 PM
That's a known NAT issue; try the new Visitor Mode, which uses HTTPS tunneling. The problem might be solved in R55 in Office Mode, but I have not tested it.
Problem:
sk23738
The information in this article applies to:
# SecuRemote NG with Application Intelligence R54
# Office Mode
# NAT device
Encryption and key exchange fails when connecting from a NAT device whose IP belongs to internal routed networks on the firewall module
Sincerely
Patrick
10-04-2004 09:54 AM
Thank you Patrick. Unfortunately, I don't have any control over the SecureRemote device (It is at a hospital, and my clients are physicians trying to access the hospital network).
10-04-2004 11:24 AM
The problem is not on the Secure Client; it is on the CheckPoint firewall. If you enable the option in Visitor Mode on your VPN-1 Firewall it will work for your customer to connect.
Sincerely
Patrick
10-05-2004 05:46 AM
Thanks again Patrick. I misstated in my last post - it is the firewall that I do not control. Do you happen to know if I will have the same problem connecting to a Nortel firewall/VPN device? This same physician wants to connect to another hospital that uses Nortel hardware.