Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] IKE over NAT

To: <[email protected]>
Subject: [FW1] IKE over NAT
From: "Jeff Lawn" <[email protected]>
Date: Wed, 7 Mar 2001 09:28:15 -0800
Importance: Normal
Reply-to: <[email protected]>
Sender: [email protected]

Must use FW1-41 SP3

UDP Encapsulation is known to have an issue with Gateway Cluster, namely it
picks the wrong IP address to source UDP encapsulation packets. This causes
problems when the client is behind a NAT gateway. To resolve  this issue,
upgrade to FireWall-1 4.1 SP3 or later and add the following  two lines to
the:props ( section of objects.C:
:IPSec_main_if_nat (true):IPSec_cluster_nat (true)
This will tell FireWall-1 to always send the packets out with the Gateway
Cluster IP address, which it does not do by default.

==============================

Jeff Lawn

==============================
 




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Scheduled Policies?
Next by Date: RE: [FW1] SecuRemote 4.1 SP2 problems
Previous by thread: RE: [FW1] SecuRemote 4.1 SP2 problems
Next by thread: [FW1] SecuClient Blocking on Internal net
Index(es):
- Date
- Thread