NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Can't ping/connect to Cisco vpn from behind FW-1



active nated_address's arp public in checkpoint 's external interface
----- Original Message -----
From: "Mitchell Silver" <[email protected]>
To: <[email protected]>
Sent: Thursday, July 03, 2003 9:49 PM
Subject: [FW-1] Can't ping/connect to Cisco vpn from behind FW-1


> I have a strange problem whereby I am unable to ping, from either my
> internal network, or from my DMZ, across the internet to a client's Cisco
> firewall that is live. This problem is at the heart of another problem I am
> facing whereby I cannot connect to a Cisco VPN using the Cisco VPN client
> (v3.1) from behind my checkpoint firewall (NG fp2 on Nokia 440) - the error
> message from the Cisco VPN Client is "Peer is no longer responding".
> However, I am already using later versions of the Cisco VPN client to
> connect to 2 of my other clients, without any problem whatsoever.
> Furthermore, I have no other issues or problems with the firewall and I
> already have several site-site vpns, as well as a remote access vpn running
> fine.
>
>
>
> When I try, the log viewer shows packets being accepted to leave the
> firewall via rule 0, but no echo-replies are coming back.
>
> However, if I try and ping the Cisco firewall from a telnet session on my
> firewall, or from my router that is in front of my firewall, the client's
> firewall does respond without any problem.
>
> I am hiding my internal network and DMZ behind an address on the same subnet
> as the firewall's external interface. So, I've also tried from machines that
> are live on the internet with static nats, but still to no avail.
>
> So, this appears to be a Nat-related problem, and I've tried many different
> nat set-ups but nothing changes.
>
>
>
> Does anyone have any experience using the Cisco VPN client from behind a
> checkpoint firewall that is performing nat?
>
>
>
> Any help would be enthusiastically accepted!!!!
>
>
>
> ________________________________________________________________________
> This e-mail has been scanned for all viruses by Star Internet. The
> service is powered by MessageLabs. For more information on a proactive
> anti-virus service working around the clock, around the globe, visit:
> http://www.star.net.uk
> ________________________________________________________________________
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.