
VPN tunnel through PIX

florek
Level 1

Hello

I have Checkpoint VPN-1 (inside) with SecuRemote (VPN client) (outside) and a PIX between them (two-level firewall).

I opened IP/50 & 51 & udp 500, but the PIX resets the connection from the client to VPN-1:

pixfirewall# 302013: Built inbound TCP connection 102 for outside:213.77.20.45/1485 (213.77.20.45/1485) to inside:192.168.30.5/264 (213.77.20.40/264)

302013: Built inbound TCP connection 103 for outside:213.77.20.45/1486 (213.77.20.45/1486) to inside:192.168.30.5/264 (213.77.20.40/264)

302014: Teardown TCP connection 103 for outside:213.77.20.45/1486 to inside:192.168.30.5/264 duration 0:00:01 bytes 4641 TCP Reset-O

106015: Deny TCP (no connection) from 213.77.20.45/1486 to 213.77.20.40/264 flags RST on interface outside

106015: Deny TCP (no connection) from 192.168.30.5/264 to 213.77.20.45/1486 flags RST on interface inside

302014: Teardown TCP connection 102 for outside:213.77.20.45/1485 to inside:192.168.30.5/264 duration 0:00:17 bytes 45 TCP FINs

Any tips?

Pawel Florek

1 Reply

franzin
Level 1

As far as I can see (if I understand correctly), you are using NAT to reach the Checkpoint firewall. This is incompatible with SecuRemote if you are trying to establish a tunnel with FWZ.

Try to use ISAKMP, make a static translation for the Checkpoint and read (if you haven't already) these tips:

http://www.cisco.com/warp/customer/707/cp-r.shtml

http://www.cisco.com/warp/public/707/ipsecnat.html

and perhaps this can help you:

http://www.phoneboy.com/faq/0141.html
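
An added example, not part of either post: a short Python parser that correlates the PIX messages quoted in the question (302013, 302014, 106015) by connection id, showing which connection ended in a reset and that the destination is reached through a translated address, as the reply notes. The log text is copied from the question with the terminal line wraps rejoined; the function names are this example's own.

```python
import re

# Log lines from the question above, terminal line wraps rejoined.
PIX_LOG = """\
302013: Built inbound TCP connection 102 for outside:213.77.20.45/1485 (213.77.20.45/1485) to inside:192.168.30.5/264 (213.77.20.40/264)
302013: Built inbound TCP connection 103 for outside:213.77.20.45/1486 (213.77.20.45/1486) to inside:192.168.30.5/264 (213.77.20.40/264)
302014: Teardown TCP connection 103 for outside:213.77.20.45/1486 to inside:192.168.30.5/264 duration 0:00:01 bytes 4641 TCP Reset-O
106015: Deny TCP (no connection) from 213.77.20.45/1486 to 213.77.20.40/264 flags RST on interface outside
106015: Deny TCP (no connection) from 192.168.30.5/264 to 213.77.20.45/1486 flags RST on interface inside
302014: Teardown TCP connection 102 for outside:213.77.20.45/1485 to inside:192.168.30.5/264 duration 0:00:17 bytes 45 TCP FINs
"""

BUILT = re.compile(
    r"302013: Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) for "
    r"(?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) \((?P<src_map>[\d.]+)/\d+\) to "
    r"(?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) \((?P<dst_map>[\d.]+)/\d+\)")
TEARDOWN = re.compile(
    r"302014: Teardown TCP connection (?P<id>\d+) for .*? duration (?P<dur>[\d:]+) "
    r"bytes (?P<bytes>\d+) (?P<reason>.+)$")
DENY = re.compile(
    r"106015: Deny TCP \(no connection\) from (?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>.+?) on interface (?P<intf>\w+)")

def correlate(log_text):
    """Return (connections keyed by id, list of packets denied as 'no connection')."""
    conns, denies = {}, []
    for line in log_text.splitlines():
        if m := BUILT.search(line):
            c = m.groupdict()
            # The address in parentheses is the translated one; a difference means NAT.
            c["dst_natted"] = c["dst"] != c["dst_map"]
            conns[c["id"]] = c
        elif m := TEARDOWN.search(line):
            conns.setdefault(m["id"], {"id": m["id"]}).update(
                duration=m["dur"], bytes=int(m["bytes"]), reason=m["reason"].strip())
        elif m := DENY.search(line):
            denies.append(m.groupdict())
    return conns, denies

def reset_connections(conns):
    """Ids of connections torn down by a TCP reset (Reset-O: the RST came from the outside)."""
    return sorted(cid for cid, c in conns.items() if c.get("reason", "").startswith("TCP Reset"))

if __name__ == "__main__":
    conns, denies = correlate(PIX_LOG)
    for cid in sorted(conns):
        c = conns[cid]
        print(cid, c["src"], "->", c["dst"], "mapped", c["dst_map"], c["reason"], c["bytes"], "bytes")
    print("reset:", reset_connections(conns), "stray RSTs denied:", len(denies))
```
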