01-16-2007 07:16 AM - edited 02-21-2020 02:48 PM
Hello,
I have someone on our internal network who needs to VPN to a customer's site. I've set up rules on the outside interface allowing PPTP and GRE from the server that the person is connecting to, to our internal network. The user is able to connect and authenticate, but after that they are not able to get to any of the servers on their customer's site.
The person is using the Checkpoint VPN client to connect.
Any help is greatly appreciated.
01-18-2007 02:14 PM
Just went through this process (except the client was Cisco and the firewall was an FWSM context). Try enabling ESP inbound:
access-list whatever extended permit esp host server any
or something like that. If that doesn't work, make sure you have an explicit "deny ip any any log" at the end of your inbound ACL, have the level set correctly, and review the log. You should see messages sourced from the server being denied, which will tell you what you need to allow.
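The log-review step above, as an added example (not code from any poster in this thread): a small Python script that parses ASA/PIX 106023 "Deny ... by access-group" messages sourced from the customer's VPN server and turns them into candidate permit lines for the inbound ACL, for a human to review before applying. The sample log lines are constructed, and the 106023 message layout, the peer address and the ACL name are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread). The 106023 layout is
# assumed from the general ASA/PIX format: TCP/UDP carry /port, other IP
# protocols appear as "protocol <number>" with no ports.
SAMPLE_LOG = """\
%ASA-4-106023: Deny protocol 50 src outside:203.0.113.5 dst inside:10.1.1.20 by access-group "outside_in" [0x0, 0x0]
%ASA-4-106023: Deny protocol 50 src outside:203.0.113.5 dst inside:10.1.1.20 by access-group "outside_in" [0x0, 0x0]
%ASA-4-106023: Deny udp src outside:203.0.113.5/500 dst inside:10.1.1.20/500 by access-group "outside_in" [0x0, 0x0]
%ASA-4-106023: Deny udp src outside:203.0.113.5/4500 dst inside:10.1.1.20/4500 by access-group "outside_in" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:198.51.100.9/44321 dst inside:10.1.1.20/445 by access-group "outside_in" [0x0, 0x0]
"""

DENY_RE = re.compile(
    r'%(?:ASA|PIX|FWSM)-\d-106023: Deny (?P<proto>\S+?)(?: (?P<num>\d+))? '
    r'src (?P<sif>\w+):(?P<src>[\d.]+)(?:/(?P<sport>\d+))? '
    r'dst (?P<dif>\w+):(?P<dst>[\d.]+)(?:/(?P<dport>\d+))? '
    r'by access-group "(?P<acl>[^"]+)"'
)

# IP protocol numbers that ASA access-list syntax accepts as keywords.
PROTO_NAMES = {47: "gre", 50: "esp", 51: "ah"}


def denied_flows(log_text, peer_ip):
    """Count (protocol, dst_ip, dst_port) tuples denied from peer_ip; dst_port is "" when absent."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or m.group("src") != peer_ip:
            continue  # ignore unparsable lines and traffic from other hosts
        proto = m.group("proto")
        if proto == "protocol":  # non-TCP/UDP: map the number to an ACL keyword
            num = int(m.group("num"))
            proto = PROTO_NAMES.get(num, f"ip-proto-{num}")
        counts[(proto, m.group("dst"), m.group("dport") or "")] += 1
    return counts


def suggest_acl_lines(flows, peer_ip, acl_name):
    """Build host-to-host permit lines scoped to the one VPN peer, for review, not auto-apply."""
    lines = []
    for proto, dst, dport in sorted(flows):
        line = f"access-list {acl_name} extended permit {proto} host {peer_ip} host {dst}"
        if dport:
            line += f" eq {dport}"  # "eq" after the destination host is the destination port
        lines.append(line)
    return lines


if __name__ == "__main__":
    flows = denied_flows(SAMPLE_LOG, "203.0.113.5")
    for line in suggest_acl_lines(flows, "203.0.113.5", "outside_in"):
        print(line)
```

On the constructed sample this yields ESP plus UDP 500 and 4500 (IKE and NAT-T) from the peer, while the unrelated TCP/445 attempt from another host is left alone.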
01-22-2007 09:50 AM
Unless you are using IPsec over TCP, you will need a 1-for-1 NAT. Standard IPsec does not work properly through a PAT'ed address.