VPN Client through Checkpoint FW1 terminating at a PIX

alitster
Level 1

I'm trying to set up a VPN connection from a Cisco VPN client v3.6.1 that terminates at a PIX 515 6.2(2). The problem is that the client is behind a Checkpoint FW1 firewall.

As it is, the configuration works fine for mobile/home users. I have also successfully connected through a Linux firewall box that uses netfilter/iptables, so I know it should work through NAT.

As I understand it, the PIX does not support IPsec over TCP.

We've tried opening up UDP/500(IKE) and ESP/Proto 50 but to no avail.

So are there some other ports we'd need to open, or is it not possible to open a VPN connection through a Checkpoint FW1?

Any help greatly appreciated.

Regards,

Alan

1 Reply

gfullage
Cisco Employee

Not sure if the CheckPoint supports IPSec over NAT. If the NAT'ing is truly the problem then you should be able to build the tunnel (cause this is all done on UDP 500 packets), but then not pass any traffic (since this is done using ESP packets, which a lot of boxes can't NAT properly cause they're not TCP/UDP packets).

You could also see if the CheckPoint is the problem by creating a one-to-one static translation for this VPN client, since then the NAT'ing should work fine.

The PIX does not currently support the IPSec over UDP/TCP functionality available in the client.
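To illustrate the failure mode described in the reply (IKE on UDP/500 completes, but ESP traffic is dropped by a port-based NAT, while a one-to-one static translation passes it), here is a small simulation added as an example; it is not code from the thread or from Cisco or Check Point, and the addresses, SPI and the `PortNAT`/`StaticNAT` classes are constructed for illustration.

```python
# Added example: toy model of a port-based many-to-one NAT (PAT) versus a
# one-to-one static translation, applied to an IPsec client behind the NAT.
from dataclasses import dataclass
from typing import Optional

UDP, ESP = 17, 50   # IP protocol numbers
IKE_PORT = 500      # IKE negotiation runs over UDP/500

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None   # only meaningful for TCP/UDP
    dport: Optional[int] = None
    spi: Optional[int] = None     # ESP Security Parameter Index

class PortNAT:
    """Many-to-one NAT keyed on (src, proto, sport); no ESP or NAT-T awareness."""
    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.table = {}
        self.next_port = 40000

    def translate(self, pkt: Packet) -> Optional[Packet]:
        if pkt.proto not in (6, UDP):
            # ESP carries no ports, so the box has no key to track the flow:
            # the packet is dropped even though IKE succeeded earlier.
            return None
        key = (pkt.src, pkt.proto, pkt.sport)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return Packet(self.public_ip, pkt.dst, pkt.proto, self.table[key], pkt.dport)

class StaticNAT:
    """One-to-one translation: rewrite only the source address, any protocol."""
    def __init__(self, private_ip: str, public_ip: str):
        self.private_ip, self.public_ip = private_ip, public_ip

    def translate(self, pkt: Packet) -> Optional[Packet]:
        if pkt.src != self.private_ip:
            return None
        return Packet(self.public_ip, pkt.dst, pkt.proto, pkt.sport, pkt.dport, pkt.spi)

def vpn_session(nat) -> tuple:
    """Return (ike_passed, esp_passed) for a constructed client -> PIX exchange."""
    ike = Packet("10.0.0.5", "203.0.113.1", UDP, IKE_PORT, IKE_PORT)
    esp = Packet("10.0.0.5", "203.0.113.1", ESP, spi=0x1000)   # constructed SPI
    return nat.translate(ike) is not None, nat.translate(esp) is not None
```

With `PortNAT` the tunnel negotiates but carries no traffic, which is the symptom to check for; with `StaticNAT` both phases pass.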