Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSEC through NAT 827 DSL, to Checkpoint

I am trying to connect multiple user through a cisco 827 DSL router to a checkpoint firewall

the VPN connects if you use a dial up, (real ip), however the router is having difficulty connecting the VPN endpoints

I ran Debug ip nat ipsec.

here is the output

00:29:59: NAT: new ISAKMP going In->Out, source addr 192.168.1.1, destination addr 193.74.108.254, initiator cookie 0x8850C761

00:30:00: NAT: IPSec: created In->Out ESP translation IL=192.168.1.1 SPI=0xC18DFC68, IG=65.80.129.187, OL=193.74.108.254, OG=193.74.108.254

00:30:00: NAT: IPSec: Inside host (IL=192.168.1.1) trying to open an ESP connection to Outside host (OG=193.74.108.254), wait for Out->In reply

00:31:00: NAT: IPSec: expire incomplete ESP connection IL=192.168.1.1 SPI=0xC18DFC68, IG=65.80.129.187, OL=193.74.108.254, OG=193.74.108.254

I would love here your insight

also the pptp VPN works like a chram thought this.

tia

1 REPLY
Cisco Employee

Re: IPSEC through NAT 827 DSL, to Checkpoint

I do not think the issue would be caused by the router.

You should check the checkpoint, if it can handle or configured to accept connections from clients behind nat/pat.

As you said, the pptp works fine, just showing you that the address translation is working fine.

Regards,

130
Views
0
Helpful
1
Replies
CreatePlease login to create content