[FW-1] UDP forwarding
Hi, I'm new to the list so here's another query.

I am using a Cisco VPN client (for a Cisco 5000 concentrator) which tunnels over the net to a client's intranet. This works perfectly when used as a dialup or when using a valid IP outside the FW (FW-1 4.1 sp2, NT), but once it's installed behind the FW, it fails to return the packets from the intranet net.

I have set up NAT for the machine with the VPN client behind the FW and set an ANY ANY ALL rule both ways on both the NAT'ed IP and the internal IP when testing the client, and it seems to be allowing the packets (UDP) through, but they never arrive at the VPN client. The client can connect to the remote Cisco box and authenticate, but cannot contact any machines inside their intranet (no ICMP or TCP/UDP services).

I have resorted to a program called HHProxy, which proxies UDP and TCP packets, and put it on a multihomed gateway machine outside the FW, connected via NIC to the internal also, as a stop gap solution, but this is not a long term solution. I have ACLs on our Cisco router to help with securing the box, but it is still a security risk.

Anyone had experience with this Cisco VPN client and how to get it to work with FW-1?

Cheers,
Paraic