Help with FW-1 and Cisco 3000 VPN Client
Eric Vyncke
evyncke at CISCO.COM
Sat Apr 14 16:12:32 EDT 2001
Have you tried the NAT mode on the client?
-eric
At 09:35 13/04/2001 -0700, Broderick, Nancy wrote:
>Hello,
>
>I am currently having problems connecting a Cisco 3000 VPN client version 2a
>through our Checkpoint Firewall-1 4.0 firewall Build 4031.
>
>Symptoms are as follows:
>
>I can start the VPN client to the remote site and can establish a
>connection.
>Immediately after the VPN connection is made I can ping the remote host and
>connect to the remote server.
>After approximately 1 to 2 minutes, the connection will time out. The Cisco
>client says I am still connected, but I cannot ping the remote host.
>
>Other notes,
>There are a high number of packets being dropped.
>If I keep a ping -t going in the background, the connection stays up.
>I have the MTU on the client set to 1400
>I have the appropriate ports open on the firewall.
>
>When I test it with the firewall rule base with 1 rule only, "Any Source,
>Any Destination, Accept", the symptoms are the same, connection still drops
>after a minute or so.
>If I connect directly to an ISP, the connection works fine. Same is true if
>I bypass the firewall and connect directly to our router.
>Below is a brief outline of the network.
>
>Any help would be greatly appreciated.
>
>Nancy Broderick
>LAN Administrator
>
> |Cisco3000| Vendor A
> |
> v
> |Router|
> |
> v
> (Internet)
> |
> v
> |Router Cisco 2500 Series|
> |
> v
> |CheckpointFW|
> NAT
> |
> v
> |Switch - Bay Stack 350T 10/100 Auto sense Switch|
> |
> v
> |Client|
>
>VPN is sponsored by SecurityFocus.COM