PIX501 and CheckPoint

connector
Level 1

Here is the story. I am trying to create a VPN connection from behind our firewall (Checkpoint, NAT active, addresses 172.16.xxx.yyy) to a customer's PIX501 and from there to the local network with addresses 192.168.xxx.yyy. The VPN client is configured to use IPSec over UDP (NAT/PAT) and gets a connection to the PIX501, but transparent tunneling is not active and the client cannot ping the local network behind the PIX501.

I have tried the connection from my home PC (no NAT) successfully, although the client does not show any IP addresses on Route Details.

The problem is that our IT consultant says that everything is OK on our side (we have successful VPN connections to other customers with transparent tunneling) and the customer's IT consultant says everything is OK on their side.

Could someone tell me which consultant I should push more to make things happen? This is frustrating since the consultants are not speaking to each other and I'm not familiar with the VPN, but I need the connection.

Thanks

2 Replies

jay_colby
Level 1

You will need to make sure your PIX is running 6.3 or later. You will be able to use NAT-T with a PIX. You will need to make sure this command is in the PIX.

isakmp nat-traversal

This uses UDP port 4500 after it is negotiated in phase 1 and 2 of IPsec.
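
An added example, not part of the original reply: a small Python classifier for UDP payloads captured at the firewall, using the RFC 3948 framing on UDP 4500, to show whether the session moved to port 4500 and whether encapsulated ESP flows in both directions. The packet tuples, sample captures and verdict strings are constructed for illustration.

```python
IKE_PORT, NATT_PORT = 500, 4500

def classify(sport, dport, payload):
    """Label one UDP payload by port and RFC 3948 framing."""
    ports = {sport, dport}
    if NATT_PORT in ports:
        if payload == b"\xff":
            return "natt-keepalive"      # one-byte NAT keepalive
        if payload[:4] == b"\x00\x00\x00\x00" and len(payload) > 4:
            return "ike-natt"            # non-ESP marker, then the IKE header
        if len(payload) >= 8:
            return "esp-in-udp"          # starts with a non-zero SPI
        return "malformed"
    if IKE_PORT in ports:
        return "ike"
    return "other"

def diagnose(packets):
    """packets: (direction, sport, dport, payload), direction 'out' or 'in'
    as seen from the client side of the NAT device."""
    seen = {(d, classify(s, p, data)) for d, s, p, data in packets}
    kinds = {k for _, k in seen}
    if ("out", "esp-in-udp") in seen and ("in", "esp-in-udp") in seen:
        return "nat-t-ok"        # data flows both ways inside UDP 4500
    if "esp-in-udp" in kinds:
        return "esp-one-way"     # one direction is dropped or never sent
    if "ike-natt" in kinds:
        return "floated-no-esp"  # moved to 4500, but no tunnel data seen
    if "ike" in kinds:
        return "no-float"        # stayed on UDP 500: NAT-T not negotiated
    return "no-ike"

# Constructed sample captures (not real traffic).
IKE_MSG = bytes(range(1, 9)) + bytes(20)       # cookie plus padding
ESP_MSG = b"\x12\x34\x56\x78" + bytes(28)      # SPI plus padding
SAMPLE_NO_FLOAT = [("out", 1025, 500, IKE_MSG), ("in", 500, 1025, IKE_MSG)]
SAMPLE_ONE_WAY = SAMPLE_NO_FLOAT + [
    ("out", 1026, 4500, bytes(4) + IKE_MSG),
    ("in", 4500, 1026, bytes(4) + IKE_MSG),
    ("out", 1026, 4500, ESP_MSG),
    ("out", 1026, 4500, b"\xff"),
]

if __name__ == "__main__":
    print(diagnose(SAMPLE_NO_FLOAT), diagnose(SAMPLE_ONE_WAY))
```

A verdict of `no-float` points at the NAT-T negotiation between client and gateway, while `esp-one-way` points at something on the path dropping or not returning UDP 4500 traffic.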

Thanks for your reply Jay,

It was nice to hear that it is possible. I contacted the consultant on the PIX end and he said that the above things have been tried with no success.

At this point I have to give up; it is too difficult to force someone to do his job, and this whole process has now lasted over 1.5 months...

Thanks anyway