We are trying to establish an IPsec tunnel between a VPN 3000 and its client, which is behind a Checkpoint. The Checkpoint is doing port address translation. IPsec through NAT is configured on the concentrator (UDP port 10000). Though we configured the firewall to permit any-to-any traffic, we could not establish the connection. Does anyone have experience tunneling IPsec traffic through FW-1?
(I personally have configured and seen 2 clients (behind a Cisco router doing PAT) that have established IPsec tunnels at the same time with the concentrator, so I don't think that the point is PAT on the Checkpoint.)
Actually it worked! We could establish IPsec tunnels with more than one client behind the Checkpoint. I don't know what your reference point is in saying that it does not work, but actually what NAT Transparency does is this: it uses UDP to transport ESP packets (protocol 50) so that the box which does NAT or PAT makes a translation and the box at the other end of the tunnel (conc. 3005 in our case) can take the packets sent to its UDP port. If NAT Transparency was not used, it would drop the packet which was targeted to one of its ports which it normally filters.
The reason for its not working at the beginning was a misunderstanding, because I was not the one configuring the Checkpoint.
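To make the explanation in the thread concrete, here is an added illustration (not code from the original thread, nor from Cisco or Check Point) of why raw ESP does not survive port address translation for more than one client and how "NAT transparency" (ESP carried inside UDP, port 10000 on the VPN 3000 in the thread, 4500 in RFC 3948) gives the PAT box a port to rewrite. Everything below is constructed: the ToyPAT class is a deliberately simplified translator keyed on protocol and port, not Check Point's implementation; the client and public addresses are made up; and the ESP/IKE demultiplexing via the 4-byte zero marker is the RFC 3948 encoding, which the thread does not discuss but which shows the same idea.

```python
"""Toy model of ESP behind PAT, with and without UDP encapsulation.

Constructed example; the PAT behaviour here is simplified and not any
vendor's implementation. Addresses and SPIs are made up.
"""
import struct
from typing import Dict, List, Optional, Tuple

ESP_PROTO = 50            # IP protocol number for ESP (no transport ports at all)
UDP_PROTO = 17
NAT_T_PORT_CISCO = 10000  # VPN 3000 "IPSec over UDP" port mentioned in the thread
NAT_T_PORT_RFC = 4500     # RFC 3947/3948 UDP-encapsulated IKE/ESP
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # IKE on 4500 carries this; an ESP SPI is never 0


def build_esp(spi: int, seq: int, payload: bytes) -> bytes:
    """ESP header: 32-bit SPI, 32-bit sequence number, then (notionally encrypted) data."""
    if spi == 0:
        raise ValueError("SPI 0 is reserved; it would collide with the non-ESP marker")
    return struct.pack("!II", spi, seq) + payload


def udp_encapsulate(esp: bytes) -> bytes:
    """UDP payload for UDP-encapsulated ESP is the ESP packet unchanged (RFC 3948 s2.1)."""
    return esp


def udp_encapsulate_ike(ike: bytes) -> bytes:
    """IKE sharing the NAT-T port is prefixed with the zero marker (RFC 3948 s2.2)."""
    return NON_ESP_MARKER + ike


def decapsulate(udp_payload: bytes) -> Tuple[str, bytes]:
    """Receiver side: tell IKE from ESP on the NAT-T port by looking at the marker."""
    if udp_payload.startswith(NON_ESP_MARKER):
        return "IKE", udp_payload[len(NON_ESP_MARKER):]
    return "ESP", udp_payload


class ToyPAT:
    """Constructed PAT box (assumption, not a real product): rewrites the source of
    each inside (proto, ip, port) flow to one public IP and a fresh port. It can
    only multiplex on transport ports, so ESP (protocol 50, no ports) gets a single
    shared outside binding and return packets cannot be attributed to one host."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.outside_to_inside: Dict[Tuple[int, Optional[int]], Tuple[str, Optional[int]]] = {}
        self.inside_to_outside: Dict[Tuple[int, str, Optional[int]], Tuple[str, Optional[int]]] = {}

    def outbound(self, proto: int, src_ip: str, src_port: Optional[int]) -> Tuple[str, Optional[int]]:
        key = (proto, src_ip, src_port)
        if key in self.inside_to_outside:
            return self.inside_to_outside[key]
        if proto == ESP_PROTO:
            outside_port = None  # nothing to rewrite: the last sender overwrites the binding
        else:
            outside_port = self.next_port
            self.next_port += 1
        self.inside_to_outside[key] = (self.public_ip, outside_port)
        self.outside_to_inside[(proto, outside_port)] = (src_ip, src_port)
        return self.public_ip, outside_port

    def inbound(self, proto: int, dst_port: Optional[int]) -> Optional[Tuple[str, Optional[int]]]:
        """Return packet from the concentrator: look up the inside host by (proto, port)."""
        return self.outside_to_inside.get((proto, dst_port))


def run_scenario(use_nat_t: bool) -> List[Optional[str]]:
    """Two clients behind one PAT box each send ESP to the concentrator, which
    replies to each. Returns, per client in order, the inside host the reply reached."""
    pat = ToyPAT("203.0.113.10")      # constructed public address of the PAT box
    clients = ["10.0.0.1", "10.0.0.2"]  # constructed inside clients
    bindings = []
    for i, ip in enumerate(clients):
        esp = build_esp(spi=0x1000 + i, seq=1, payload=b"ciphertext")
        if use_nat_t:
            kind, _ = decapsulate(udp_encapsulate(esp))
            assert kind == "ESP"
            bindings.append(pat.outbound(UDP_PROTO, ip, NAT_T_PORT_CISCO))
        else:
            bindings.append(pat.outbound(ESP_PROTO, ip, None))
    proto = UDP_PROTO if use_nat_t else ESP_PROTO
    delivered = []
    for _, port in bindings:
        hit = pat.inbound(proto, port)
        delivered.append(hit[0] if hit else None)
    return delivered


if __name__ == "__main__":
    print("raw ESP   ->", run_scenario(use_nat_t=False))   # both replies land on the last client
    print("ESP/UDP   ->", run_scenario(use_nat_t=True))    # each reply reaches its own client
```

The point the thread makes in prose shows up in the two scenario results: with bare protocol 50 the PAT box has no field to rewrite, so the second client's binding overwrites the first and both replies are delivered to the same host, whereas with ESP wrapped in UDP each client gets its own translated source port and the concentrator's replies map back correctly. Real firewalls may add "IPsec passthrough" heuristics keyed on the SPI to improve on this; that is outside what the thread describes and is not modelled here.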