cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
589
Views
0
Helpful
6
Replies

Connecting to a Checkpoint VPN from behind a PIX

joe
Level 1
Level 1

Hi all -I have a problem that sounds so simple, yet it is giving me even more gray hair!! I am trying to connect to a Checkpoint Device using Checkpoint VPN Secureremote client. I am behind a PIX firewall. I have opened up all of the obvious on the PIX - ESP, AH, ike, etc and have even experimented with opening all ip, tcp, and udp ports, but I still can't connect. I know that my notebook is configured correctly, because I can connect through a dial-up ISP without a problem. If anyone can help it would be greatly appreciated!!!!!

6 Replies 6

didyap
Level 6
Level 6

Are you using NAT Transversal on the PIX. There could be some issues because of it. Does PIX shows deny for connection with protocol 94 ?

First of all, thank you so much for trying to help!!!

I do get a deny for connection with protocol 94. I get this with nat traversal enabled and disabled.

Thats a known NAT issue, try with the new Visitor Mode that uses https tunneling. The problem might be solved in R55 in office mode but I have not tested it.

Problem:

sk23738

The information in this article applies to:

# SecuRemote NG with Application Intelligence R54

# Office Mode

# NAT device

Encryption and key exchange fails when connecting from a NAT device who's IP is belonging to internal routed networks on firewall module

sincerly

Patrick

Thank you Patrick. Unfortunately, I don't have any control over the SecureRemote device (It is at a hospital, and my clients are physicians trying to access the hospital network).

The problem is not on the Secure Client it is on the checkPoint firewall. If you enable the option in Visitor Mode on your VPN-1 Firewall it will work for your customer to connect.

sincerely

Patrick

Thanks again Patrick. I mis-stated in my last post - It is the firewall that I do not control. Do you happen to know if I will have the same problem connecting to a Nortel firewall/VPN device? This same physician wants to connect to another hospital that uses Nortel hardware.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: