Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] VPN with NAT

To: [email protected]
Subject: Re: [FW-1] VPN with NAT
From: Crist Clark <[email protected]>
Date: Thu, 23 May 2002 10:01:28 -0700
Organization: Globalstar Communications
References: <000301c20229$8730eb40$5901030a@ciezo2>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Angel Barcenilla García wrote:
>
> Hi friends,
>
> I would like to know if it's possible to install a VPN client from CISCO on
> a PC in our internal LAN (behind the Firewall-1)???  We are using static
> NAT.

"Static NAT?" So in FW-1-speak, that means you are doing 1-to-1 NAT, right?

> We have created a rule to allow IKE and ESP (ports 500 and 50) but I can't
> connect to the remote host. If I connect my PC in the external LAN, that is,
> in the untrusted LAN I can connect successfully.

FW-1 may be having problems maintaining a state in NAT (and in the policy rules)
on ESP. But I wouldn't expect a NAT problem with 1-to-1 NAT. Although it causes
me tremendous pain to suggest this, you might try the UDP encapsulation option on
the VPN. (When you say "Cisco VPN" I assume we are talking about using an Altiga,
now called Cisco VPN Concentrators, at the other end with IPsec? But that is a
big assumption. "Cisco VPN" could be a lot of different things.)
--
Crist J. Clark                               [email protected]
Globalstar CommunicationsThe information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited.  If you have
received this e-mail in error, please contact [email protected]

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] VPN with NAT
  - From: Angel Barcenilla García <[email protected]>

References:
- [FW-1] VPN with NAT
  - From: Angel Barcenilla García <[email protected]>

Prev by Date: Re: [FW-1] VPN + Ping - Timeout on Winodws
Next by Date: [FW-1] Unsubscribe Messages Sent To The FW-1 Mailing List...
Previous by thread: [FW-1] VPN with NAT
Next by thread: Re: [FW-1] VPN with NAT
Index(es):
- Date
- Thread