RE: [FW1] Secure Remote with NAT client
Walter,

The Cisco is very economical in using addresses when using NAT. The first address which goes through the Cisco on port 500 keeps this port. It is only from the second address on that port 500 is translated to higher ports. FW-1 only switches to UDP encapsulation when it discovers that IPsec packets come in through a higher port number, and since the first packet sticks to port 500, it is confused.

We were able to get SecuRemote working through a Cisco 827 ADSL router by forcing a translation of the first incoming address on port 500 to a higher port number:

    ip nat inside source static udp 192.168.2.2 500 interface Dialer1 666

with 192.168.2.2 being the first address which shows up.

Greetings,
--
Jan Doumen
Record Group
Henri Matisselaan 16
B-1140 Brussel
network/system administration
Tel: 02 728 95 24
Fax: 02 728 91 88
Url: www.rvs.be

This message may not be forwarded or cited without prior permission from the author.
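A way to check a router for the condition described in the message above, as an added example that is not part of the original post: the script parses `show ip nat translations` output and lists inside hosts whose IKE traffic (UDP 500) left the router still on source port 500. The sample tables, the documentation-range addresses and the function names are constructed for illustration.

```python
import re

IKE_PORT = 500

# Constructed sample: the first inside host keeps UDP/500, the second is
# moved to a high port, matching the behaviour described in the message.
BEFORE = """\
Pro Inside global      Inside local       Outside local      Outside global
udp 203.0.113.10:500   192.168.2.2:500    198.51.100.1:500   198.51.100.1:500
udp 203.0.113.10:1024  192.168.2.3:500    198.51.100.1:500   198.51.100.1:500
tcp 203.0.113.10:3010  192.168.2.3:3010   198.51.100.7:80    198.51.100.7:80
"""

# Constructed sample after adding the static mapping from the message
# (static entries show "---" in the outside columns).
AFTER = """\
Pro Inside global      Inside local       Outside local      Outside global
udp 203.0.113.10:666   192.168.2.2:500    ---                ---
udp 203.0.113.10:1024  192.168.2.3:500    198.51.100.1:500   198.51.100.1:500
"""

# Protocol, inside-global port, inside-local address and port.
ROW = re.compile(r"^(\w+)\s+\S+:(\d+)\s+(\S+):(\d+)")

def ike_translations(table):
    """Return one dict per UDP entry whose inside-local port is 500."""
    entries = []
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(1) != "udp" or int(m.group(4)) != IKE_PORT:
            continue
        global_port = int(m.group(2))
        entries.append({
            "inside_local": m.group(3),
            "global_port": global_port,
            # Port preserved: the gateway sees source port 500 and, per the
            # message, does not switch to UDP encapsulation.
            "port_preserved": global_port == IKE_PORT,
        })
    return entries

def clients_needing_static_map(table):
    """Inside hosts whose IKE source port was left at 500 by the NAT."""
    return [e["inside_local"] for e in ike_translations(table) if e["port_preserved"]]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, clients_needing_static_map(table))
```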