FW: Help with FW-1 and Cisco 3000 VPN Client

Broderick, Nancy nbroderick at LANGUAGELINE.COM
Tue Apr 17 01:41:32 EDT 2001


Just an update in case anyone else encounters this problem.  I received this
response from a member of this VPN group and it was really a life-saver for
me.  It resolved all the connectivity problems we were having on the
internal LAN. See the response below. Additional info = We are doing
IPSEC/UDP and the client is configured for NAT.

One final question, the only issue we are having now is through our dialup
server.  We dial up through our Shiva (Intel) Access Switch, a dedicated
Remote Access server. Once a dialup connection is established, the client
machine becomes a remote node on our network. We can browse the Internet and
can browse anything on our internal LAN.

The only problem is that when I try to start the VPN Client, I never get a
connection; I never even get to the authentication prompt.  It just keeps
saying negotiating ...
Client machines are NT 40 workstations, SP5, Dell Latitude Laptops, 56k 3Com
modem.  Connection speeds vary from 28k to 50k; results are the same
regardless of connection speed.

Any input is appreciated.
Thank you very much.

Sincerely,

Nancy Broderick
LAN Administrator
-----Original Message-----
From: Pete Davis [mailto:pete at ether.net]
Sent: Friday, April 13, 2001 5:30 PM
To: Broderick, Nancy
Subject: Re: Help with FW-1 and Cisco 3000 VPN Client


Are you doing IPSEC or IPSEC/UDP? With 2.5.2b, the keepalive
frequency was increased. The problem you are describing is because the
Checkpoint is tearing down the PAT mappings.  If you are not doing
IPSEC/UDP, you should do IPSEC/UDP with 2.5.2b.


          - Fix CSCds42237: IPsec/UDP sessions time out through some default
                            stateful firewalls.  UDP Keepalive sent every 20
                            seconds if no other activity.  Activity check
                            made every 10 seconds.

The client is obtained from www.cisco.com / SW CENTER / VPN SOFTWARE / CISCO
VPN 3000 Client.
---
     Pete Davis - Product Manager <psd at cisco.com>  (508) 541-7300 x6154
         Cisco Systems, Inc.  - 38 Forge Park   Franklin, MA 02038

VPN is sponsored by SecurityFocus.COM
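
The keepalive timing quoted in the release note above, modelled against a stateful firewall's UDP idle timeout. This is an added example, not code from Cisco, Check Point or either poster. It assumes the client checks for activity on a fixed 10-second grid and sends a keepalive when at least 20 seconds have passed since the last packet; the firewall timeout values are constructed.

```python
# Added illustration: how long can an idle IPsec/UDP session stay silent, and
# does a firewall's UDP/PAT idle timeout expire the mapping in that window?
# Assumed model: activity checks on a fixed grid; a keepalive is sent at a
# check when idle time >= idle_threshold. All times are whole seconds.

def keepalive_send_times(last_activity, idle_threshold, check_interval, horizon):
    """Times at which the client emits a keepalive after its last real packet."""
    sends, last = [], last_activity
    tick = (last_activity // check_interval + 1) * check_interval
    while tick <= horizon:
        if tick - last >= idle_threshold:
            sends.append(tick)
            last = tick
        tick += check_interval
    return sends

def max_silence(last_activity, idle_threshold, check_interval, horizon=120):
    """Longest gap between consecutive packets seen by the firewall."""
    times = [last_activity] + keepalive_send_times(
        last_activity, idle_threshold, check_interval, horizon)
    return max((b - a for a, b in zip(times, times[1:])), default=0)

def mapping_survives(last_activity, idle_threshold, check_interval, fw_udp_timeout):
    """True if no silent gap reaches the firewall's UDP idle timeout."""
    return max_silence(last_activity, idle_threshold, check_interval) < fw_udp_timeout

def worst_case_silence(idle_threshold, check_interval):
    """Worst gap over every offset of the last packet relative to the check grid."""
    return max(max_silence(phase, idle_threshold, check_interval)
               for phase in range(check_interval))

if __name__ == "__main__":
    print("worst-case silence:", worst_case_silence(20, 10), "s")
    for fw_timeout in (25, 40):          # constructed firewall timeouts
        for phase in (0, 1):             # last real packet at t=0 or t=1
            ok = mapping_survives(phase, 20, 10, fw_timeout)
            print(f"fw timeout {fw_timeout}s, last packet at t={phase}: "
                  f"{'mapping kept' if ok else 'mapping torn down'}")
```

Under this model the silent gap can approach keepalive threshold plus check interval (just under 30 seconds), so a firewall UDP timeout between 20 and 30 seconds would produce intermittent rather than consistent drops.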