Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPsec passthru on a 2821

I have a 2821 connected to Roadrunner, on the private lan we are using checkpoint vpn client & Watchguard vpn client to connect to the outside wan at our other corporate server. This is where I am missing it. What would need to be configured to allow this passthru?

I tried UDP 500 and 4500, did not seem to work.

Any ideas on how to allow this, as I am fairly new to this.


New Member

Re: IPsec passthru on a 2821

I don't know much about watchguard vpn client

I've worked with Checkpoint firewalls everyday

so I can say that your router configuration is

fine. I need the following information from


1) what version of checkpoint SecureRemote/

SecureClient? NG Feature Pack 3, NG with AI

R55, R55w? NGx R60/R61/R62?

2) Make sure that the checkpoint firewall

is setup for NAT-Traversal (aka, port 2746

for NG with AI R55w or older or 4500 or NGx)

On the Checkpoint SecureRemote/Client, there

is a "Advanced", select the Advanced IKE

Setting and check the box "IKE over UDP

Encapsulation". Kill SecureRemote and

restart it again on your windows box and you

will be able to connnect to the CP with

SecureRemote/Client from behind The 2821



CCIE Security


New Member

Re: IPsec passthru on a 2821


Thanks for the info, I do not have control of the Checkpoint equipment, sorry for the mis-lead. Although - I did get the 2821 to work just fine with Cisco and Watchguard clients. Monday I will get the visiting clients to try again and see if it works with Checkpoint. I opened up one more UDP port 768 for checkpoint from some of the reading. Will keep you posted. Thanks again

New Member

Re: IPsec passthru on a 2821

np. put your email in here so that I can shoot

you an email on monday to see if you have it

square away. I am not a Checkpoint expert but

I've been doing it almost everyday for the past

five years so I've seen a lot of crazy setup.

I am doing a lot of Checkpoint NGx testing

these days but I can take a break to help you

out on monday.

Good luck


CreatePlease login to create content