Help with FW-1 and Cisco 3000 VPN Client
Broderick, Nancy
nbroderick at LANGUAGELINE.COM
Fri Apr 13 12:35:30 EDT 2001
Hello,
I am currently having problems connecting a Cisco 3000 VPN client version 2a
through our Checkpoint Firewall-1 4.0 firewall Build 4031.
Symptoms are as follows:
I can start the VPN client to the remote site and can establish a
connection.
Immediately after the VPN connection is made I can ping the remote host and
connect to the remote server.
After approximately 1 to 2 minutes, the connection will time out. The Cisco
client says I am still connected, but I can not ping the remote host.
Other notes,
There are a high number of packets being dropped.
If I keep a ping -t going in the background, the connection stays up.
I have the MTU on the client set to 1400
I have the appropriate ports open on the firewall.
When I test it with the firewall rule base with 1 rule only, "Any Source,
Any Destination, Accept", the symptoms are the same, connection still drops
after a minute or so.
If I connect directly to an ISP, the connection works fine. Same is true if
I bypass the firewall and connect directly to our router.
Below is a brief outline of the network.
Any help would be greatly appreciated.
Nancy Broderick
LAN Administrator
|Cisco3000| Vendor A
|
v
|Router|
|
v
(Internet)
|
v
|Router Cisco 2500 Series|
|
v
|CheckpointFW|
NAT
|
v
|Switch - Bay Stack 350T 10/100 Auto sense Switch|
|
v
|Client|
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list