IPSEC Client connectivity through CheckPoint

Michael Hoffert bandit_2025 at YAHOO.COM
Wed Jan 24 16:58:19 EST 2001


Hello,

I have an issue with getting a client's IPSEC
connectivity through a Checkpoint firewall.  Referring
to the topology below, we have confirmed that
- the devices have ping capabilities (network
connectivity)
- The firewall has all ports opened from the 3000's IP
address (including proto port 50, 51, and UDP500)
- A sniffer at point Z (in between Vendor A's
Concentrator and Router) indicates that UDP 500
packets are being received and transmitted
- Vendor B's router is seeing the packets come back
(via ip accounting)
- the Checkpoint FW doesn't appear to have any dropped
packets from Vendor A's concentrator or Vendor B's
client.
- The client workstation (running 98 and Cisco 2.5
client) will eventually time out.

Other Notes:
- Vendor B's FW is also terminating checkpoint VPN
connections but this address is not in the encryption
group
- Vendor B's FW is also doing NAT (we have the client
to utilize IPSEC/NAT)
- Vendor B has no resources to capture traffic on
private segment

Any ideas would be appreciated,
-Mike-


  |Cisco3000| Vendor A
      |  <--- Sniffer Z
      v
   |Router|
      |
      v
  (Internet)
      |
      v
   |Router|
      |
      v
|Checkpoint/Nokia FW|
     NAT
      |
      v
  |Client|



VPN is sponsored by SecurityFocus.COM



