[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] SecuRemote through NAT device???
> I will be going down this path soon. On all other systems, SR has worked > like a champ with minimal "mucking", so I don't recall seeing a setting to > enable UDP encapsulation. Where is this set? On the client side, you can "Force UDP Encapsulation" by selecting: Tools -> Encryption Scheme -> IKE -> Advanced. You do not need to force this under new versisons of CheckPoint as the firewall will automatically detect a source port that isn't 500 for the key exchange and switch to encapsulation mode. You can enable it on NG by selecting the firewall object, then VPN, the IKE, then advanced. On older versions of CheckPoint, you edited objects.C, declared the VPN1 encapsulation service, set userc_IKE_NAT (true) and a couple of other adjustments. There are well documented on phoneboy.com under Secure Client and NAT. -Don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|