[VPN] VSU-2000

Lebowitsch, Jonathan JLebowitsch at imperito.com
Thu Sep 12 20:59:41 EDT 2002


I noticed that Checkpoint has an annoying tendency (i.e. bug) to "take over"
the IKE sessions that VPN clients try to initiate behind them. If you sniff
you'll see the Checkpoint itself sending IKE packets to your VPN server.
I've seen that happen with 2 different IPSec clients, regardless of the
clients' original source port.

Even NG does it, but unlike 4.x, at least it lets returning packets go
through it to the client so the tunnels do get established.

Perhaps creating a static NAT for the client may solve your problem, but I
doubt it.

Yoni



-----Original Message-----
From: John Rivera [mailto:jrivera at corp.internetwire.com] 
Sent: Wednesday, September 11, 2002 10:41 AM
To: vpn at lists.shmoo.com
Subject: [VPN] VSU-2000


I have a VSU-2000 that I have configured on an unprotected network.  I can
establish the VPN from home, but can't seem to build the tunnel behind my
protected network at work.  It is authenticating my user but not getting
past Phase 1 to create the tunnel.  The remote client is sitting behind a
Checkpoint 4.1 firewall.  Is there something I need to set on the firewall
to allow me to build this tunnel?

John
_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn


