Re: [FW-1] Cisco VPN/CheckPoint FW

Subject:	Re: [FW-1] Cisco VPN/CheckPoint FW
From:	Ramki Security <ramki.security AT GMAIL DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Thu, 20 Apr 2006 07:20:13 -0400

Try using TCP mode instead of UDP (default).  That may help.

Regards,
Ramki

fwguru wrote:

Hide-NAT works fine with Cisco VPN clients behind a CP. I have had to
static-NAT some Cisco VPN clients to get it to work -- that was some time
ago, not recently.

If you have the proper ports open then check SmartDefense to see if you are
dropping Aggressive IKE (rule 99500 drops).

If that's not the case then you should try static-natting the Cisco VPN
client.

Neil Delacruz



On 4/18/06, no-need to-list <ogos69 AT yahoo DOT com> wrote:

You do not need a static IP address....Hide works fine....
You have to specifically open the ports needed by the Cisco VPN
client.....not just "any" service.

Please check Cisco web site about the ports that need to be open,,,,,

Chuck Baur <ChuckBaur AT INNOVATIVEUNDERWRITERS DOT COM> wrote: I have called my
ISP and checked to see if they some sort of IPSEC filtering
going on but none was reported. I can VPN into the Pix firewall from any
other location except here in which we are behind a checkpoint. Are there
anything that I am missing that needs to be done. I have allowed any
workstation to any service with no limits going outbound. Only thing I can
think of and read online was something to do with my hide address being
used
vs. static address?

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Jeremy
Lieb
Sent: Tuesday, April 18, 2006 4:09 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Cisco VPN/CheckPoint FW

We usually attach a Static NAT to the internal address to get this to
work. Though with NAT-T and Cisco I've seen it work without needing to
use Static nat.


Jeremy Lieb CCSE-NG CCSE+NG
Firewall Administrator
Open Text Corporation
100 Tri-State Int'l Pkwy
Third Floor
Lincolnshire, IL 60069



-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Chuck
Baur
Sent: Tuesday, April 18, 2006 2:44 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Cisco VPN/CheckPoint FW

I recently been having a problem trying to use a Cisco VPN client behind
a Checkpoint firewall. I ensured that the access list will allow
outbound and even opened to firewall to allow anything going outbound
with no restrictions. I am using a hide address. Has anyone had issues
with attempting this? Is there any sort of work around if its checkpoint
related.
Thank you for your time!



Chuck Baur

Network Administrator


-----Original Message-----
From: CHARLES BAUR
Sent: Tuesday, April 18, 2006 2:17 PM
To: Subject: Cisco VPN/CheckPoint FW




=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================



---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.  Great
rates starting at 1¢/min.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [FW-1] Cisco VPN/CheckPoint FW, Chuck Baur Re: [FW-1] Cisco VPN/CheckPoint FW, Jeremy Lieb Re: [FW-1] Cisco VPN/CheckPoint FW, Joe Pope Re: [FW-1] Cisco VPN/CheckPoint FW, Chuck Baur Re: [FW-1] Cisco VPN/CheckPoint FW, no-need to-list Re: [FW-1] Cisco VPN/CheckPoint FW, fwguru Re: [FW-1] Cisco VPN/CheckPoint FW, Ramki Security <=

Previous by Date:	Re: [FW-1] State Sync does not supports VLAN ?, Alex S.
Next by Date:	Re: [FW-1] ipassignment.conf, Ramki Security
Previous by Thread:	Re: [FW-1] Cisco VPN/CheckPoint FW, fwguru
Next by Thread:	[FW-1] Strange error message detected on SUN 1GB QuadCard NIC when enablingCheck Point's state sync, Alex S.
Indexes:	[Date] [Thread] [Top] [All Lists]