Hopefully, this is the right forum to post this message. If not, I apologize.
VPN box: Connectra(Checkpoint)
VPN box to be managed by the SmartCenter server(Checkpoint)
I am trying to establish communication between the SmartCenter server (which is in DMZ1) and the Connectra box (which is in DMZ2) through the PIX firewall.
I NAT'd the Connectra box's DMZ2 IP to a DMZ1 IP where the SmartCenter resides. Then I implemented a DMZ1 ACL for the SmartCenter to access the Connectra over any port. I get hits on the access-list, but no connection.
SmartCenter DMZ1 IP:10.10.1.10/24
Connectra DMZ2 IP:10.10.2.11/24
static (dmz2,dmz1) 10.10.1.11 10.10.2.11 netmask 255.255.255.255 0 0
access-list acl_dmz1 permit tcp host 10.10.1.10 host 10.10.1.11
Just to see if I had set it up correctly, I configured the Connectra and SmartCenter on the same DMZ and it worked. I just can't get it to work through the PIX.
Does anyone have a similar setup, and has anyone run across the same issues?
I have some experience with Checkpoint, so hopefully I can provide you with some advice on this.
SIC = Secure Internal Communication. Basically you enter the Activation key (one-time password) on the Connectra, and when you create a Checkpoint Connectra object in SmartDashboard, you enter the same Activation key on that object.
What you're trying to do will NOT work with NAT, because SIC does NOT work with NAT, UNLESS you are doing this through a Checkpoint
If you run "fw monitor" on both the Connectra and the SmartCenter Server, and use Ethereal to look at the output, you will clearly see that SIC uses the Checkpoint Internal Certificate for Secure Internal Communication. It will NOT work through NAT unless you have a Checkpoint firewall in between the Connectra and
Your workaround is NOT to NAT between the SmartCenter and
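As an added illustration of the no-NAT advice in the reply above (this is not configuration from either poster), here is the original poster's static/ACL pair rewritten so the Connectra keeps its real DMZ2 address when seen from DMZ1. Interface names, addresses and the ACL name come from the question; the access-group lines, the second ACL and the assumption that dmz2 is the lower-security interface are mine.

```text
! Identity static: 10.10.2.11 is presented to dmz1 unchanged instead of
! being translated to 10.10.1.11, so neither side sees a NAT'd address.
static (dmz2,dmz1) 10.10.2.11 10.10.2.11 netmask 255.255.255.255 0 0

! SmartCenter (dmz1) -> Connectra (dmz2), now addressed by its real IP.
! All TCP, as in the original post; narrow it down once SIC is established.
access-list acl_dmz1 permit tcp host 10.10.1.10 host 10.10.2.11
access-group acl_dmz1 in interface dmz1

! Assumption: dmz2 has the lower security level. The Connectra also opens
! connections back to the SmartCenter (log forwarding on TCP 257), so
! that direction needs a permit as well.
access-list acl_dmz2 permit tcp host 10.10.2.11 host 10.10.1.10
access-group acl_dmz2 in interface dmz2
```

Once SIC is up, the any-port permits can be tightened to the Check Point services actually used between a managed module and its SmartCenter: CPD on TCP 18191, the ICA push and pull services on TCP 18211 and 18210, and logs on TCP 257. Rerunning "fw monitor" on either box, as the reply suggests, is the quickest way to confirm that the addresses in the captured SIC traffic now match the object's real IP.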