I am using fw-1 4.1 sp3 at the client side. I do not know of any other configs on this side to change to
all the UDP 50 packets to map back through the Hide NAT. Do you know of another setting on my
side I need to look into?
-----Original Message-----
From: Gibson, Brian [mailto:[email protected]]
Sent: Friday, March 09, 2001 10:35 AM
To: 'Steven Zimmerman'; Gibson, Brian; Fw1 Mailing List (E-mail)
Subject: RE: [FW1] Secure Remote and NAT issues
My first inclination is to think that your NAT device isn't properly passing the IPSEC
packets (protocol 50). What I would do is do a sniff on the firewall to see if it is
sending the Protocol 50 traffic to the client. If it is then most likely your NAT device
is not properly passing along the IPSEC traffic. If you use a properly configured 4.1 SP2
FW the client will send all traffic through UDP encapsulation (UDP port 2746).
That may be why it works in the other situation.
-----Original Message-----
From: Steven Zimmerman [mailto:[email protected]]
Sent: Friday, March 09, 2001 10:08 AM
To: 'Gibson, Brian'; Fw1 Mailing List (E-mail)
Subject: RE: [FW1] Secure Remote and NAT issues
UDP 500 packets are returning from the secure remote firewall I am trying to reach.
I am able to connect as long as I do not NAT the SecuRemote users.
NATing on the Client Side. This same client works on another Firewall system but they
are using 4.1 SP2 on Nokia.
Thanks
Steven
-----Original Message-----
From: Gibson, Brian [mailto:[email protected]]
Sent: Friday, March 09, 2001 9:25 AM
To: 'Steven Zimmerman'; Fw1 Mailing List (E-mail)
Subject: RE: [FW1] Secure Remote and NAT issues
When you say you see the IKE packet return are you talking about the UDP 500 ISAKMP
packet or protocol 50 packets?
Do you have other users that can successfully use this FW for VPN?
When you say you are NATing traffic where exactly is the NAT occurring? On the client
side or FW side?
-----Original Message-----
From: Steven Zimmerman [mailto:[email protected]]
Sent: Thursday, March 08, 2001 8:14 PM
To: Fw1 Mailing List (E-mail)
Subject: [FW1] Secure Remote and NAT issues
I have a client that is using 2 Nokia IP440 with ipso 3.2.1 and FW-1 4.0SP5
I can not get Secure Remote to work via NAT. I did all the changes
(objects.C, my firewall rules, etc) but this one client will not work.
Using IKE I see my request sent out and I receive back an IKE packet from
the firewall but I always get Error: Communication with the site x.x.x.x has failed.
Any thoughts??
BTW> I can get into other sites via the same secure remote client and network.
Thanks in advance!
Steven Zimmerman
CIO
IR Network Solutions