VPN tunnel through PIX

Unanswered Question
Jun 28th, 2002

Hello

I have Checkpoint VPN-1 (inside) with SecuRemote (VPN client) (outside) and a PIX between them (two-level firewall).

I opened IP/50 & 51 & udp 500, but the PIX resets the connection from the client to VPN-1:


pixfirewall# 302013: Built inbound TCP connection 102 for outside:213.77.20.45/1485 (213.77.20.45/1485) to inside:192.168.30.5/264 (213.77.20.40/264)

302013: Built inbound TCP connection 103 for outside:213.77.20.45/1486 (213.77.20.45/1486) to inside:192.168.30.5/264 (213.77.20.40/264)

302014: Teardown TCP connection 103 for outside:213.77.20.45/1486 to inside:192.168.30.5/264 duration 0:00:01 bytes 4641 TCP Reset-O

106015: Deny TCP (no connection) from 213.77.20.45/1486 to 213.77.20.40/264 flags RST on interface outside

106015: Deny TCP (no connection) from 192.168.30.5/264 to 213.77.20.45/1486 flags RST on interface inside

302014: Teardown TCP connection 102 for outside:213.77.20.45/1485 to inside:192.168.30.5/264 duration 0:00:17 bytes 45 TCP FINs


Any tips?


Pawel Florek

franzin Fri, 06/28/2002 - 09:02

As far as I can see (if I understand correctly), you are using NAT to get to the Checkpoint firewall. This is incompatible with SecuRemote if you are trying to establish a tunnel with FWZ.

Try to use ISAKMP, make a static translation for the Checkpoint, and read (if you haven't already) these tips:

http://www.cisco.com/warp/customer/707/cp-r.shtml

http://www.cisco.com/warp/public/707/ipsecnat.html

and perhaps this can help you:

http://www.phoneboy.com/faq/0141.html
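Added example, not part of the original posts: a Python correlation of the PIX messages quoted in the question, pairing each 302013 build with its 302014 teardown and with the 106015 drops that follow, and showing whether the server address was translated. The function name `correlate` and the regular expressions are assumptions written for the three message formats shown in this thread.

```python
import re

# The six PIX syslog messages from the question, with wrapped lines rejoined.
SAMPLE_LOG = """\
pixfirewall# 302013: Built inbound TCP connection 102 for outside:213.77.20.45/1485 (213.77.20.45/1485) to inside:192.168.30.5/264 (213.77.20.40/264)
302013: Built inbound TCP connection 103 for outside:213.77.20.45/1486 (213.77.20.45/1486) to inside:192.168.30.5/264 (213.77.20.40/264)
302014: Teardown TCP connection 103 for outside:213.77.20.45/1486 to inside:192.168.30.5/264 duration 0:00:01 bytes 4641 TCP Reset-O
106015: Deny TCP (no connection) from 213.77.20.45/1486 to 213.77.20.40/264 flags RST on interface outside
106015: Deny TCP (no connection) from 192.168.30.5/264 to 213.77.20.45/1486 flags RST on interface inside
302014: Teardown TCP connection 102 for outside:213.77.20.45/1485 to inside:192.168.30.5/264 duration 0:00:17 bytes 45 TCP FINs
"""

EP = r"([\d.]+)/(\d+)"  # address/port pair
BUILT = re.compile(rf"302013: Built \w+ TCP connection (\d+) for \w+:{EP} \({EP}\) to \w+:{EP} \({EP}\)")
TEARDOWN = re.compile(r"302014: Teardown TCP connection (\d+) for .* duration (\S+) bytes (\d+) (.+)$")
DENY = re.compile(rf"106015: Deny TCP \(no connection\) from {EP} to {EP} flags (.+) on interface (\w+)")

def correlate(log):
    """Return {conn_id: summary}, pairing each build with its teardown and late packets."""
    conns = {}
    for line in log.splitlines():
        if m := BUILT.search(line):
            cid, c_ip, c_port, _, _, s_ip, s_port, g_ip, g_port = m.groups()
            conns[cid] = {"client": (c_ip, c_port), "server_real": (s_ip, s_port),
                          "server_mapped": (g_ip, g_port),
                          "nat": (s_ip, s_port) != (g_ip, g_port),  # real differs from mapped
                          "reason": None, "bytes": None, "late": []}
        elif m := TEARDOWN.search(line):
            cid, duration, nbytes, reason = m.groups()
            if cid in conns:
                conns[cid].update(duration=duration, bytes=int(nbytes), reason=reason.strip())
        elif m := DENY.search(line):
            s_ip, s_port, d_ip, d_port, flags, iface = m.groups()
            for c in conns.values():
                # A packet dropped as "no connection" belongs to a flow the PIX has
                # already torn down if either end is that flow's client socket.
                if c["reason"] and c["client"] in ((s_ip, s_port), (d_ip, d_port)):
                    c["late"].append((flags, iface))
    return conns

if __name__ == "__main__":
    for cid, c in sorted(correlate(SAMPLE_LOG).items()):
        print(cid, c["client"], "->", c["server_mapped"], "nat" if c["nat"] else "no-nat",
              c["reason"], c["bytes"], "late:", c["late"])
```

In 302014 messages, `TCP Reset-O` records a reset that came from the outside host and `TCP FINs` a normal close, so the teardown reason tells you which side ended each flow.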


