Re: [FW-1] VPN Client behind Check Point NG with AI

Subject:	Re: [FW-1] VPN Client behind Check Point NG with AI
From:	Will Zegeer <will AT EPLUS DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Thu, 26 Feb 2004 11:20:36 -0500

Dan, I'm not sure about the netscreen client but Checkpoint
securemote/client has a feature to resolve this called
fw1_UDP_encapsulation. Basically it encapsulates the esp (ip 50) packets
inside udp 2746 packets. I would check to see if the netscreen client has a
similar feature like nat traversal.

HTH - Will




> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]On Behalf Of Davis,
> Daniel
> Sent: Thursday, February 26, 2004 10:47 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] VPN Client behind Check Point NG with AI
>
>
> First off, I am new to NG and AI but quite experienced with CP 4.1.
>
>
>
> I have a user located behind my NG-AI firewall trying to use
> NetScreen-Remote software to connect to a remote gateway. The initial
> negotiations work fine. However, all ESP traffic from the
> internal host are
> not being NAT'd as they leave my firewall. I found an option
> in "Global
> Properties > VPN-1 Net" concerning NAT and encrypted
> connections. Changing
> this option has no effect on the outbound traffic. A manual
> NAT rule also
> had no effect.
>
>
>
> Is there another option somewhere that I am missing?
>
>
>
> Thanks in advance.
>
>
>
>
>
> Dan Davis
>
> Network Security Engineer
>
> Information Technology
>
> Durham County Government
>
> (919) 560-7023
>
> ddavis AT co.durham.nc DOT us
>
>
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] VPN Client behind Check Point NG with AI, Davis, Daniel Re: [FW-1] VPN Client behind Check Point NG with AI, Will Zegeer <= Re: [FW-1] VPN Client behind Check Point NG with AI, Davis, Daniel Re: [FW-1] VPN Client behind Check Point NG with AI, Crist Clark Re: [FW-1] VPN Client behind Check Point NG with AI, Will Zegeer

Previous by Date:	[FW-1] Luna VPN accelerator cards, Pendergrass, Greg
Next by Date:	[FW-1] ClusterXL questions, Sébastien Cantos
Previous by Thread:	[FW-1] VPN Client behind Check Point NG with AI, Davis, Daniel
Next by Thread:	Re: [FW-1] VPN Client behind Check Point NG with AI, Davis, Daniel
Indexes:	[Date] [Thread] [Top] [All Lists]