
[FW1] Cisco VPN client through NAT CheckPoint FW



Hello, all.  Odd problem with VPN-1 v4.1 SP2 on a Nokia IP650 running IPSO
3.3.  

I have an internal user who needs to connect to a remote ASP through a Cisco
VPNZ (???) client which doesn't have much in the way of configuration
options. I'm not seeing any drops in my logs but proper communication is not
established.  We are doing hide behind NAT on our end and her client has an
IPSEC through NAT box checked as we use RFC1918 addresses internally (also
fails without this option box checked).  

All is well if I connect her directly into the switch in front of my FW and
give her a public address.  I see the same problem if I connect her directly
via cross-over cable into a port on the Nokia.  All other traffic from her
machine is fine.

I've included some sniffed traffic between an external interface of my FW
and their network.

If anyone has seen this or has any insight into what the problem may be, I'd
be very appreciative. 

Chris

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 1 arrived at 10:41:16.93
ETHER:  Packet size = 352 bytes
ETHER:  Destination = 0:2:16:b0:e6:0, 
ETHER:  Source      = 0:a0:8e:e:ea:30, 
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 338 bytes
IP:   Identification = 33852
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 126 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = ff93
IP:   Source address = my.ip.address, fw.domain.com
IP:   Destination address = remote.ip.address, remote.ip.address
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 672
UDP:  Destination port = 500 
UDP:  Length = 318 
UDP:  Checksum = 1F70 
UDP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 2 arrived at 10:41:17.23
ETHER:  Packet size = 290 bytes
ETHER:  Destination = 0:a0:8e:e:ea:30, 
ETHER:  Source      = 0:2:16:b0:e6:0, 
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 276 bytes
IP:   Identification = 54029
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 117 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = ba00
IP:   Source address = remote.ip.address, remote.ip.address
IP:   Destination address = my.ip.address, fw.domain.com
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 500
UDP:  Destination port = 672 
UDP:  Length = 256 
UDP:  Checksum = 0000 (no checksum)
UDP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 3 arrived at 10:41:17.25
ETHER:  Packet size = 94 bytes
ETHER:  Destination = 0:2:16:b0:e6:0, 
ETHER:  Source      = 0:a0:8e:e:ea:30, 
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 80 bytes
IP:   Identification = 34108
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 126 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = ff95
IP:   Source address = my.ip.address, fw.domain.com
IP:   Destination address = remote.ip.address, remote.ip.address
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 672
UDP:  Destination port = 500 
UDP:  Length = 60 
UDP:  Checksum = 5618 
UDP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 4 arrived at 10:41:17.73
ETHER:  Packet size = 350 bytes
ETHER:  Destination = 0:2:16:b0:e6:0, 
ETHER:  Source      = 0:a0:8e:e:ea:30, 
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 336 bytes
IP:   Identification = 34364
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 126 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = fd95
IP:   Source address = my.ip.address, fw.domain.com
IP:   Destination address = remote.ip.address, remote.ip.address
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 672
UDP:  Destination port = 500 
UDP:  Length = 316 
UDP:  Checksum = 78E1 
UDP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 5 arrived at 10:41:17.84
ETHER:  Packet size = 118 bytes
ETHER:  Destination = 0:a0:8e:e:ea:30, 
ETHER:  Source      = 0:2:16:b0:e6:0, 
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 104 bytes
IP:   Identification = 54032
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 117 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = baa9
IP:   Source address = remote.ip.address, remote.ip.address
IP:   Destination address = my.ip.address, fw.domain.com
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 500
UDP:  Destination port = 672 
UDP:  Length = 84 
UDP:  Checksum = 0000 (no checksum)
UDP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 6 arrived at 10:41:25.76
ETHER:  Packet size = 350 bytes
ETHER:  Destination = 0:2:16:b0:e6:0, 
ETHER:  Source      = 0:a0:8e:e:ea:30, 
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 336 bytes
IP:   Identification = 34620
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 126 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = fc95
IP:   Source address = my.ip.address, fw.domain.com
IP:   Destination address = remote.ip.address, remote.ip.address
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 672
UDP:  Destination port = 500 
UDP:  Length = 316 
UDP:  Checksum = 78E1 
UDP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 7 arrived at 10:41:47.83
ETHER:  Packet size = 118 bytes
ETHER:  Destination = 0:a0:8e:e:ea:30, 
ETHER:  Source      = 0:2:16:b0:e6:0, 
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 104 bytes
IP:   Identification = 54063
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 117 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = ba8a
IP:   Source address = remote.ip.address, remote.ip.address
IP:   Destination address = my.ip.address, fw.domain.com
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 500
UDP:  Destination port = 672 
UDP:  Length = 84 
UDP:  Checksum = 0000 (no checksum)
UDP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 8 arrived at 10:42:17.84
ETHER:  Packet size = 118 bytes
ETHER:  Destination = 0:a0:8e:e:ea:30, 
ETHER:  Source      = 0:2:16:b0:e6:0, 
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 104 bytes
IP:   Identification = 54095
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 117 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = ba6a
IP:   Source address = remote.ip.address, remote.ip.address
IP:   Destination address = my.ip.address, fw.domain.com
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 500
UDP:  Destination port = 672 
UDP:  Length = 84 
UDP:  Checksum = 0000 (no checksum)
UDP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 9 arrived at 10:42:25.97
ETHER:  Packet size = 350 bytes
ETHER:  Destination = 0:2:16:b0:e6:0, 
ETHER:  Source      = 0:a0:8e:e:ea:30, 
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 336 bytes
IP:   Identification = 34876
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 126 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = fb95
IP:   Source address = my.ip.address, fw.domain.com
IP:   Destination address = remote.ip.address, remote.ip.address
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 672
UDP:  Destination port = 500 
UDP:  Length = 316 
UDP:  Checksum = 78E1 
UDP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 10 arrived at 10:42:47.82
ETHER:  Packet size = 126 bytes
ETHER:  Destination = 0:a0:8e:e:ea:30, 
ETHER:  Source      = 0:2:16:b0:e6:0, 
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 112 bytes
IP:   Identification = 54126
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 117 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = ba43
IP:   Source address = remote.ip.address, remote.ip.address
IP:   Destination address = my.ip.address, fw.domain.com
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 500
UDP:  Destination port = 672 
UDP:  Length = 92 
UDP:  Checksum = 0000 (no checksum)
UDP:  
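An added example, not part of the original post: a small parser for verbose trace output in the format shown above. It lists packets sent to UDP 500 from a source port other than 500 (672 in this capture) and groups datagrams with identical ports, length and checksum, as packets 4, 6 and 9 have. The sample is packets 4-6 of the trace cut down to the lines the parser reads; the function names are illustrative.

```python
import re

# Packets 4-6 of the trace above, reduced to the lines the parser reads.
SAMPLE = """\
ETHER:  Packet 4 arrived at 10:41:17.73
UDP:  Source port = 672
UDP:  Destination port = 500
UDP:  Length = 316
UDP:  Checksum = 78E1
ETHER:  Packet 5 arrived at 10:41:17.84
UDP:  Source port = 500
UDP:  Destination port = 672
UDP:  Length = 84
UDP:  Checksum = 0000 (no checksum)
ETHER:  Packet 6 arrived at 10:41:25.76
UDP:  Source port = 672
UDP:  Destination port = 500
UDP:  Length = 316
UDP:  Checksum = 78E1
"""

RX = re.compile(r"^(?:ETHER:\s+Packet (\d+) arrived"
                r"|UDP:\s+(Source port|Destination port|Length|Checksum) = (\w+))")

def parse(trace):
    """One dict per packet: packet number plus its UDP header fields."""
    packets = []
    for line in trace.splitlines():
        m = RX.match(line)
        if not m:
            continue
        if m.group(1):
            packets.append({"Packet": int(m.group(1))})
        elif packets:
            packets[-1][m.group(2)] = m.group(3).upper()
    return packets

def translated_ike(packets):
    """Packets sent to UDP 500 whose source port is not 500."""
    return [p["Packet"] for p in packets
            if p.get("Destination port") == "500" and p.get("Source port") != "500"]

def repeats(packets):
    """Groups of packets with identical ports, length and a real checksum."""
    seen = {}
    for p in packets:
        if p.get("Checksum") not in (None, "0000"):
            key = tuple(p.get(f) for f in ("Source port", "Destination port", "Length", "Checksum"))
            seen.setdefault(key, []).append(p["Packet"])
    return [nums for nums in seen.values() if len(nums) > 1]
```

Packets whose checksum field is 0000 (no checksum) are left out of the grouping, since equal length alone does not show that two datagrams are the same.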

