04-25-2003 03:24 AM - edited 03-09-2019 03:01 AM
Hi,
I'm in the process of configuring a PIX 525 to allow a Check Point SecureClient (inside) to initiate a VPN tunnel to a SecuRemote server (via Outside).
I have configured ACLs to allow UDP isakmp, esp and ah (both on the inside and the outside interfaces). Using the 'sh access-list' command after trying to initiate a VPN connection, these ACLs are showing hits (htcnt=0).
All inside addresses will be PAT'd to a public address. Apart from ACLs to allow isakmp, esp and ah, are there any other parameters I need to configure to allow this traffic through the PIX?
thanks
04-25-2003 03:45 AM
Do you have a static NAT to the computer on the inside interface, besides the ACL?
04-25-2003 05:04 AM
Hi,
No, there isn't a static map for this computer on the inside. If successful, using Check Point SecureClient software on the inside will be implemented for many users; therefore, using PAT for global translations is more cost-effective.