I am
using fw-1 4.1 sp3 at the client side.
I do not know of any other configs on this side to change to all the
UDP 50 packets to map back through the Hide NAT. Do you know of another setting on my
side I need to look into?
-----Original
Message-----
From: Gibson,
Brian [mailto:[email protected]]
Sent: Friday, March 09, 2001 10:35
AM
To: 'Steven Zimmerman';
Gibson, Brian; Fw1 Mailing List (E-mail)
Subject: RE: [FW1] Secure Remote and NAT
issues
My first
inclination is to think that your NAT device isn't properly passing the
IPSEC packets(protocol 50). What I would do is do a sniff on the
firewall to see if it is sending the Protocol 50 traffic to the client.
If it is then most likely your NAT device is not properly passing along the
IPSEC traffic. If you use a properly configured 4.1 SP2 FW the
client will send all traffic through UDP encapsulation(UDP port
2746). That may be why it works in the other situation.
-----Original
Message-----
From: Steven
Zimmerman [mailto:[email protected]]
Sent: Friday, March 09, 2001 10:08
AM
To: 'Gibson, Brian'; Fw1
Mailing List (E-mail)
Subject: RE: [FW1] Secure Remote and NAT
issues
UDP
500 packets are returning from the secure remote firewall I am trying to
reach.
I am
able to connect as long as I do not NAT the SecuRemote
users.
NATing
on the Client Side. This same
client works on another Firewall system but they are using 4.1 SP2 on
Nokia.
Thanks
Steven
-----Original
Message-----
From: Gibson,
Brian [mailto:[email protected]]
Sent: Friday, March 09, 2001 9:25
AM
To: 'Steven Zimmerman';
Fw1 Mailing List (E-mail)
Subject: RE: [FW1] Secure Remote and NAT
issues
When you say you see the
IKE packet return are you talking about the UDP 500 ISAKMP packet or protocol
50 packets?
Do you have other users
that can successfully use this FW for VPN?
When you say you are NATing
traffic where exactly is the NAT occuring? On the clien side or FW side?
-----Original
Message-----
From: Steven Zimmerman [mailto:[email protected]]
Sent: Thursday, March 08,
2001 8:14 PM
To: Fw1 Mailing List
(E-mail)
Subject: [FW1] Secure Remote and NAT
issues
I have a client that is
using 2 Nokia IP440 with ipso 3.2.1 and FW-1 4.0SP5
I can not get Secure Remote
to work via NAT. I did all the changes
(objects.C, my firewall
rules, etc) but this one client will not work.
Using IKE I see my request
sent out and I receive back an IKE packet from
the firewall but I always
get Error: Communication with the site x.x.x.x has
failed.
Any thoughts??
BTW> I can get into
other sites via the same secure remote client and
network.
Thanks in
advance!
Steven
Zimmerman
CIO
IR Network Solutions
x224
fax
================================================================================
To
unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html
================================================================================