Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
401
Views
0
Helpful
3
Replies

IPsec passthru on a 2821

starlog01
Level 1
Level 1

‎03-02-2007 06:37 PM - edited ‎03-11-2019 02:41 AM

I have a 2821 connected to Roadrunner, on the private lan we are using checkpoint vpn client & Watchguard vpn client to connect to the outside wan at our other corporate server. This is where I am missing it. What would need to be configured to allow this passthru?

I tried UDP 500 and 4500, did not seem to work.

Any ideas on how to allow this, as I am fairly new to this.

Thanks

Labels:
21709-2821_config
0 Helpful
3 Replies 3

daviddtran
Level 1
Level 1

‎03-02-2007 08:28 PM

I don't know much about watchguard vpn client

I've worked with Checkpoint firewalls everyday

so I can say that your router configuration is

fine. I need the following information from

you:

1) what version of checkpoint SecureRemote/

SecureClient? NG Feature Pack 3, NG with AI

R55, R55w? NGx R60/R61/R62?

2) Make sure that the checkpoint firewall

is setup for NAT-Traversal (aka, port 2746

for NG with AI R55w or older or 4500 or NGx)

On the Checkpoint SecureRemote/Client, there

is a "Advanced", select the Advanced IKE

Setting and check the box "IKE over UDP

Encapsulation". Kill SecureRemote and

restart it again on your windows box and you

will be able to connnect to the CP with

SecureRemote/Client from behind The 2821

router.

David

CCIE Security

CCSE/CCSA NGx

0 Helpful

starlog01
Level 1
Level 1
In response to daviddtran

‎03-03-2007 08:46 PM

David,

Thanks for the info, I do not have control of the Checkpoint equipment, sorry for the mis-lead. Although - I did get the 2821 to work just fine with Cisco and Watchguard clients. Monday I will get the visiting clients to try again and see if it works with Checkpoint. I opened up one more UDP port 768 for checkpoint from some of the reading. Will keep you posted. Thanks again

0 Helpful

daviddtran
Level 1
Level 1
In response to starlog01

‎03-03-2007 08:56 PM

np. put your email in here so that I can shoot

you an email on monday to see if you have it

square away. I am not a Checkpoint expert but

I've been doing it almost everyday for the past

five years so I've seen a lot of crazy setup.

I am doing a lot of Checkpoint NGx testing

these days but I can take a break to help you

out on monday.

Good luck

David

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card