[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] IKE over NAT
Must use FW1-41 SP3 UDP Encapsulation is known to have an issue with Gateway Cluster, namely it picks the wrong IP address to source UDP encapsulation packets. This causes problems when the client is behind a NAT gateway. To resolve this issue, upgrade to FireWall-1 4.1 SP3 or later and add the following two lines to the:props ( section of objects.C: :IPSec_main_if_nat (true):IPSec_cluster_nat (true) This will tell FireWall-1 to always send the packets out with the Gateway Cluster IP address, which it does not do by default. ============================== Jeff Lawn ============================== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|