[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Can't ping/connect to Cisco vpn from behind FW-1
active nated_address's arp public in checkpoint 's external interface ----- Original Message ----- From: "Mitchell Silver" <[email protected]> To: <[email protected]> Sent: Thursday, July 03, 2003 9:49 PM Subject: [FW-1] Can't ping/connect to Cisco vpn from behind FW-1 > I have a strange problem whereby I am unable to ping, from either my > internal network, or from my DMZ, across the internet to a client's Cisco > firewall that is live. This problem is at the heart of another problem I am > facing whereby I cannot connect to a Cisco VPN using the Cisco VPN client > (v3.1) from behind my checkpoint firewall (NG fp2 on Nokia 440) - the error > message from the Cisco VPN Client is "Peer is no longer responding". > However, I am already using later versions of the Cisco VPN client to > connect to 2 of my other clients, without any problem whatsoever. > Furthermore, I have no other issues or problems with the firewall and I > already have several site-site vpns, as well as a remote access vpn running > fine. > > > > When I try, the log viewer shows packets being accepted to leave the > firewall via rule 0, but no echo-replies are coming back. > > However, if I try and ping the Cisco firewall from a telnet session on my > firewall, or from my router that is in front of my firewall, the client's > firewall does respond without any problem. > > I am hiding my internal network and DMZ behind an address on the same subnet > as the firewall's external interface. So, I've also tried from machines that > are live on the internet with static nats, but still to no avail. > > So, this appears to be a Nat-related problem, and I've tried many different > nat set-ups but nothing changes. > > > > Does anyone have any experience using the Cisco VPN client from behind a > checkpoint firewall that is performing nat? > > > > Any help would be enthusiastically accepted!!!! > > > > ________________________________________________________________________ > This e-mail has been scanned for all viruses by Star Internet. The > service is powered by MessageLabs. For more information on a proactive > anti-virus service working around the clock, around the globe, visit: > http://www.star.net.uk > ________________________________________________________________________ > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|