Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
305
Views
0
Helpful
1
Replies

IPSEC through NAT 827 DSL, to Checkpoint

jt_mcgrew
Level 1
Level 1

‎07-18-2002 07:41 AM - edited ‎02-21-2020 11:56 AM

I am trying to connect multiple user through a cisco 827 DSL router to a checkpoint firewall

the VPN connects if you use a dial up, (real ip), however the router is having difficulty connecting the VPN endpoints

I ran Debug ip nat ipsec.

here is the output

00:29:59: NAT: new ISAKMP going In->Out, source addr 192.168.1.1, destination addr 193.74.108.254, initiator cookie 0x8850C761

00:30:00: NAT: IPSec: created In->Out ESP translation IL=192.168.1.1 SPI=0xC18DFC68, IG=65.80.129.187, OL=193.74.108.254, OG=193.74.108.254

00:30:00: NAT: IPSec: Inside host (IL=192.168.1.1) trying to open an ESP connection to Outside host (OG=193.74.108.254), wait for Out->In reply

00:31:00: NAT: IPSec: expire incomplete ESP connection IL=192.168.1.1 SPI=0xC18DFC68, IG=65.80.129.187, OL=193.74.108.254, OG=193.74.108.254

I would love here your insight

also the pptp VPN works like a chram thought this.

tia

Labels:
0 Helpful
1 Reply 1

edadios
Cisco Employee
Cisco Employee

‎07-18-2002 05:59 PM

I do not think the issue would be caused by the router.

You should check the checkpoint, if it can handle or configured to accept connections from clients behind nat/pat.

As you said, the pptp works fine, just showing you that the address translation is working fine.

Regards,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents