Firewall-1

Re: [FW-1] VPN client through FW-1 NG AI R55

Subject: Re: [FW-1] VPN client through FW-1 NG AI R55
From: Nicola Nicoletti <nicola.nicoletti AT STARVOX DOT IT>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 3 Nov 2004 08:49:47 +0100

Hi,

You could use hide NAT rules on FW1.

"Steven S." <ssurdock@ENGINEERED-NET.COM>
Sent by: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
02/11/2004 22.14
Please respond to: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>

To: FW-1-MAILINGLIST AT AMADEUS.US DOT CHECKPOINT.COM
cc:
Subject: [FW-1] VPN client through FW-1 NG AI R55

Greetings,

I'm trying to use an AT&T supplied VPN client through our internal FW to
connect to an AT&T controlled VPN server.  The VPN is established but I
can't fully communicate unless I configure a one-to-one NAT.  The client is
configured to use UDP encapsulation, but it's not used by the client.
During the ISAKMP negotiation I see that FW-1 does not change the source
port of the negotiations (UDP 500  <--> UDP 500).  I believe this is
confusing the remote VPN server (which I suspect is looking for a NAT-T
type translation) and it is not requesting UDP encapsulation.

Anyone see this before? (I've had no luck in the archives.)

Does anyone know of a way to force FW-1 to perform source port translation
on ISAKMP negotiation?

Thanks,

-Steve S.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================



Pursuant to Legislative Decree no. 196/2003, please note that the
information contained in this message and in any attachments is
confidential and for the exclusive use of the recipient. Persons other
than the recipient may not copy or distribute the message to third
parties. Anyone who receives this message in error is requested to
destroy it and to immediately inform postmaster AT fondiaria-sai DOT it