Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
209
Views
0
Helpful
1
Replies

checkpoint vpn connection through pix 506

y.lo
Level 1
Level 1

‎11-29-2006 08:32 AM - edited ‎02-21-2020 02:44 PM

I'm trying to configure a pix 506 to let checkpoint vpn clients initiate vpn connection from inside network. Here is the setup.

vpn client --> pix(PAT) --> internet --> vpn server

The vpn connection can establish successfully. However, no internal resources can be reached nor pinged.

I tried "isakmp nat-traversal" and "fixup protocol esp-ike" but still not work. Can someone give a hint?

Also, does it really work if I use PAT but not NAT?

Thanks in advance.

Daniel

Labels:
0 Helpful
1 Reply 1

ggilbert
Cisco Employee
Cisco Employee

‎11-29-2006 08:59 AM

Daniel.

Can you verify the PIX logs and see if it reports some denied packets?

On your ACL, do you have ESP open for the checkpoint server?

Logs from the PIX while you are trying to access resources on the checkpoint side would help.

- Rate it, if it helps -

0 Helpful
Customers Also Viewed These Support Documents