Hide-NAT works fine with Cisco VPN clients behind a CP. I have had to
static-NAT some Cisco VPN clients to get it to work -- that was some time
ago, not recently.
If you have the proper ports open then check SmartDefense to see if you are
dropping Aggressive IKE (rule 99500 drops).
If that's not the case then you should try static-natting the Cisco VPN
client.
Neil Delacruz
On 4/18/06, no-need to-list <ogos69 AT yahoo DOT com> wrote:
>
> You do not need a static IP address....Hide works fine....
> You have to specifically open the ports needed by the Cisco VPN
> client.....not just "any" service.
>
> Please check the Cisco web site about the ports that need to be open.
>
> Chuck Baur <ChuckBaur AT INNOVATIVEUNDERWRITERS DOT COM> wrote:
>
> I have called my ISP and checked to see if they have some sort of IPSEC
> filtering going on but none was reported. I can VPN into the Pix firewall
> from any other location except here in which we are behind a checkpoint.
> Is there anything that I am missing that needs to be done? I have allowed
> any workstation to any service with no limits going outbound. Only thing I
> can think of and read online was something to do with my hide address being
> used vs. static address?
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Jeremy Lieb
> Sent: Tuesday, April 18, 2006 4:09 PM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Cisco VPN/CheckPoint FW
>
> We usually attach a Static NAT to the internal address to get this to
> work. Though with NAT-T and Cisco I've seen it work without needing to
> use Static nat.
>
>
> Jeremy Lieb CCSE-NG CCSE+NG
> Firewall Administrator
> Open Text Corporation
> 100 Tri-State Int'l Pkwy
> Third Floor
> Lincolnshire, IL 60069
>
>
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Chuck Baur
> Sent: Tuesday, April 18, 2006 2:44 PM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Cisco VPN/CheckPoint FW
>
> I have recently been having a problem trying to use a Cisco VPN client behind
> a Checkpoint firewall. I ensured that the access list will allow
> outbound and even opened the firewall to allow anything going outbound
> with no restrictions. I am using a hide address. Has anyone had issues
> with attempting this? Is there any sort of workaround if it's Checkpoint
> related?
> Thank you for your time!
>
>
>
> Chuck Baur
>
> Network Administrator
>
>
> -----Original Message-----
> From: CHARLES BAUR
> Sent: Tuesday, April 18, 2006 2:17 PM
> To:
> Subject: Cisco VPN/CheckPoint FW
>
>
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================