Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Question about a new VPN concentrator install.

Hey folks, I've got a new Cisco 3000 series VPN concentrator installed in one of my DMZ's. The Private interface is in one of my DMZ's. The Public interface is outside my firewall and directly connected to my ISP. I can ping this concentrator's Private interface from anywhere in the DMZ. I can also web to it just fine from anywhere on the DMZ network.

When I have a client outside my network connect via the VPN client I can ping all the way to the DMZ's gateway.

I cannot however pass the DMZ's gateway which is an interface on a Checkpoint firewall.

I have a test rule in the Checkpoint that will let any and all traffic through from the IP Pool that the concentrator is doling out. The firewall itself can ping the VPN client's doled out address just fine.

My internal private network is sending the traffic to the DMZ network back and forth just fine. This is was an existing network and there are devices working just fine it it.

Surely, I am missing something simple. Has anyone else connected a 3000 series concentrator to a Checkpoint FW and gotten traffic to flow through it? My test rule allows any and all traffic.

Anyone? Thanks in advance!


Re: Question about a new VPN concentrator install.

Hi .. my only guess is NAT on the checkpoint .. make sure traffic from/to the IP VPN pool is allowed and NOT nated on the checkpoint firewall and of course make sure the checkpoint and whatever is branched out of its interfaces know the way back to the IP pool.