NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] SecuRemote through NAT device???



> I will be going down this path soon.  On all other systems, SR has worked
> like a champ with minimal "mucking", so I don't recall seeing a setting to
> enable UDP encapsulation.  Where is this set?
On the client side, you can "Force UDP Encapsulation" by selecting:
Tools -> Encryption Scheme -> IKE -> Advanced.

You do not need to force this under new versisons of CheckPoint as the
firewall will automatically detect a source port that isn't 500 for the
key exchange and switch to encapsulation mode.

You can enable it on NG by selecting the firewall object, then VPN, the
IKE, then advanced.

On older versions of CheckPoint, you edited objects.C, declared the VPN1
encapsulation service, set userc_IKE_NAT (true) and a couple of other
adjustments. There are well documented on phoneboy.com under Secure Client
and NAT.

-Don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.