Cisco VPN Client Behind Checkpoint Firewall

Feb 6th, 2009

I am trying to establish a VPN tunnel to a remote site from behind a Checkpoint firewall. The firewall uses a hide NAT for all computers on the network. The tunnel is initially connected but then is timed out when the client doesn't receive the keepalives. I see packets coming back that are being dropped by the firewall. Is it possible to create and maintain a VPN through a hide NAT, or do I have to do a static NAT for all users trying to use the VPN?


Ivan Martinon Fri, 02/06/2009 - 10:47
User Badges:
  • Cisco Employee,

Unfortunately, the VPN client will always rely on keepalives to maintain its connection active; these keepalives are unable to be disabled from the client side. You can, however, increase the time that the VPN client will wait to drop this connection.

In your case, you would need to check on the firewall side why these packets are being dropped.

