CheckPoint SecureRemote client through PIX firewall
I have encountered an issue with a CheckPoint SecureRemote VPN client running through a PIX-515e firewall. The client appears to connect, and traffic seems to be getting to the CheckPoint firewall, but the client does not receive any responses. The CheckPoint administrator says he can see traffic arriving at the firewall, but no responses coming back. I have asked him to verify that his firewall and routing configurations are correct on his network.
This has worked in the past, but was not used for several months, and now does not work. Nothing apperas to have changed in the PIX configuration, and the CheckPoint adminstrator says that nothing has changed on their end either.
I set up a static NAT on the PIX for the CheckPoint client machine and NAT-T is enabled.
I make IPSEC VPN connections to PIX firewalls from various locations on the Internet through various firewalls and have not encountered this sort of problem before. Any suggestions would be appreciated.
Re: CheckPoint SecureRemote client through PIX firewall
Thank you for the responses. I have enabled NAT-T, but I have not opened UDP port 4500: I will give this a try. The VPN client and PIX firewall are remote to me (in Florida), but the person at the Florida location said he has reinstalled the SecureRemote client. The Checkpoint firewall is at yet another remote location in the Mid-West. The local firewall administrator is certain that it is not the Checkpoint firewall or network on his end causing the problem. We are going to try to attach the PC outside of the PIX firewall to see if the issue goes away. Even if it does resolve the problem, it doesn't answer the question of why it doesn't work behind the firewall, and we can't leave the PC outside of the firewall permanently.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :