
[FW-1] Help on running Cisco PIX VPN Client through Checkpoint 4.1 to Cisco PIX firewall




Hi All,
   This is the first time I've written to the mailing list for help, although I'm a daily reader and I've responded to a couple of inquiries in the past year.

   First the vitals:
   Parent Site running Cisco PIX firewall and Parent Company employees using Cisco PIX VPN Client 1.2 3DES
Our site running Checkpoint 4.1 / SP4 on Nokia IP440 at IPSO 3.4.1.
   Now the problem:
   We have visiting execs from our Parent company.  They are trying to get VPN authentication from statically assigned IPs inside our network, across a manual NAT that dumps them to the internet, up through the Parent site Cisco PIX firewall.  The NAT takes the statically assigned IP on the inside and puts it on an IP outside of the firewall (this IP is in our static and proxy ARP tables) for ANY service. 

   The execs enable the Cisco PIX VPN, they receive a message that they are enabled, but packets never return to the client side (upbound packets climb up to about 2000 but inbound packets remain at 0).  Examining the Checkpoint firewall logs, I see the traffic over the NAT leaving, but I never see anything coming back.  The Cisco firewall administrator at the Parent Site confirms that they are not blocking outbound packets to us, they can ping the outside of the NAT but they can't ping through the NAT to the exec with the Cisco PIX VPN.  This Cisco PIX VPN worked for an hour and then refused to work.  To test the Cisco VPN client, we placed the exec's machine on the outside of the firewall and he authenticated with no problems.

   I've read through the Checkpoint Admin manual and can't find anything.  The Checkpoint and Cisco sites mention re-configuring the Properties\Encryption for Checkpoint to Cisco VPNs, but I shouldn't have to mess with that for a NAT, should I?  Any help is appreciated, otherwise we'll probably end up having a PIX firewall imposed upon us from our Parent company.

Thanks,
John Beal II, Network Engineer II
Orcom Solutions, Inc.
1001 SW Disk Drive
Bend, OR 97702



NOTICE:  This communication may contain proprietary or other confidential business information of Orcom Solutions, Inc.  If you are not the intended recipient or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received.  In addition, you should not print, copy, retransmit, disseminate, or otherwise use the information.  Thank you. 




 
   All contents © 2004 Network Presence, LLC. All rights reserved.