
RE: [FW1] Secure Remote with NAT client



Walter,

The Cisco is very economical in using addresses when using
NAT. The first address which goes through the Cisco on
port 500 keeps this port. It is only from the second
address on that port 500 is translated to higher ports.
FW-1 only switches to UDP encapsulation when it discovers
that IPsec packets come in through higher port numbers,
and since the first packet sticks to port 500, it is
confused.

We were able to get SecuRemote working through a Cisco
827 ADSL router, by forcing a translate of the first 
incoming address on port 500 to a higher port number:

ip nat inside source static udp 192.168.2.2 500 interface Dialer1 666

with 192.168.2.2 being the first address which shows up.

Greetings,

--

Jan Doumen 
Record Group 
Henri Matisselaan 16 
B-1140 Brussel
netwerk/systeem beheer 
Tel: 02 728 95 24 
Fax: 02 728 91 88 
Url: www.rvs.be

This message may not be forwarded or cited without 
prior permission from the author. 
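
The behaviour described in the message above, as a simplified model. This is an added example, not part of the original message and not Cisco IOS or FireWall-1 code. The second client address, the start of the dynamic port range (1024) and the reduction of the gateway's decision to a source-port test are assumptions.

```python
# Simplified model of port-overloading NAT in front of an IKE gateway.
# Assumptions (not from the message): dynamic ports start at 1024, and the
# gateway decides on UDP encapsulation purely from the translated source port.
IKE_PORT = 500

class PatRouter:
    """NAT that keeps the original source port when it is still free."""

    def __init__(self, static_udp=None, first_dynamic_port=1024):
        # static_udp maps (inside_ip, inside_port) -> outside_port, the analogue
        # of "ip nat inside source static udp <ip> 500 interface Dialer1 666".
        self.static_udp = dict(static_udp or {})
        self.in_use = set(self.static_udp.values())
        self.table = {}
        self.next_port = first_dynamic_port

    def translate(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key in self.static_udp:           # static rule wins
            return self.static_udp[key]
        if key not in self.table:
            port = inside_port               # first user keeps the port
            if port in self.in_use:          # later users get a higher port
                while self.next_port in self.in_use:
                    self.next_port += 1
                port = self.next_port
            self.in_use.add(port)
            self.table[key] = port
        return self.table[key]

def gateway_uses_udp_encapsulation(outside_src_port):
    """Encapsulate only when IKE arrives from a port other than 500."""
    return outside_src_port != IKE_PORT

def simulate(clients, static_udp=None):
    """Return {client_ip: (outside_port, udp_encapsulation_selected)}."""
    router = PatRouter(static_udp)
    result = {}
    for ip in clients:
        port = router.translate(ip, IKE_PORT)
        result[ip] = (port, gateway_uses_udp_encapsulation(port))
    return result

CLIENTS = ["192.168.2.2", "192.168.2.3"]     # second address is constructed
if __name__ == "__main__":
    print("no static rule:  ", simulate(CLIENTS))
    print("with static rule:", simulate(CLIENTS[:1], {(CLIENTS[0], IKE_PORT): 666}))
```

Without the static rule the first client leaves on port 500 and the gateway does not select UDP encapsulation; with the rule the same client leaves on port 666 and encapsulation is selected.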


   All contents © 2004 Network Presence, LLC. All rights reserved.