NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Can't ping/connect to Cisco vpn from behind FW-1



I have a strange problem whereby I am unable to ping, from either my
internal network, or from my DMZ, across the internet to a client's Cisco
firewall that is live. This problem is at the heart of another problem I am
facing whereby I cannot connect to a Cisco VPN using the Cisco VPN client
(v3.1) from behind my checkpoint firewall (NG fp2 on Nokia 440) - the error
message from the Cisco VPN Client is "Peer is no longer responding".
However, I am already using later versions of the Cisco VPN client to
connect to 2 of my other clients, without any problem whatsoever.
Furthermore, I have no other issues or problems with the firewall and I
already have several site-site vpns, as well as a remote access vpn running
fine.



When I try, the log viewer shows packets being accepted to leave the
firewall via rule 0, but no echo-replies are coming back.

However, if I try and ping the Cisco firewall from a telnet session on my
firewall, or from my router that is in front of my firewall, the client's
firewall does respond without any problem.

I am hiding my internal network and DMZ behind an address on the same subnet
as the firewall's external interface. So, I've also tried from machines that
are live on the internet with static nats, but still to no avail.

So, this appears to be a Nat-related problem, and I've tried many different
nat set-ups but nothing changes.



Does anyone have any experience using the Cisco VPN client from behind a
checkpoint firewall that is performing nat?



Any help would be enthusiastically accepted!!!!



________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.