Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
655
Views
0
Helpful
1
Replies

Question about a new VPN concentrator install.

jhlee2000
Level 1
Level 1

‎06-05-2006 02:01 PM - edited ‎02-21-2020 02:27 PM

Hey folks, I've got a new Cisco 3000 series VPN concentrator installed in one of my DMZ's. The Private interface is in one of my DMZ's. The Public interface is outside my firewall and directly connected to my ISP. I can ping this concentrator's Private interface from anywhere in the DMZ. I can also web to it just fine from anywhere on the DMZ network.

When I have a client outside my network connect via the VPN client I can ping all the way to the DMZ's gateway.

I cannot however pass the DMZ's gateway which is an interface on a Checkpoint firewall.

I have a test rule in the Checkpoint that will let any and all traffic through from the IP Pool that the concentrator is doling out. The firewall itself can ping the VPN client's doled out address just fine.

My internal private network is sending the traffic to the DMZ network back and forth just fine. This is was an existing network and there are devices working just fine it it.

Surely, I am missing something simple. Has anyone else connected a 3000 series concentrator to a Checkpoint FW and gotten traffic to flow through it? My test rule allows any and all traffic.

Anyone? Thanks in advance!

Labels:
0 Helpful
1 Reply 1

Fernando_Meza
Level 7
Level 7

‎06-05-2006 10:22 PM

Hi .. my only guess is NAT on the checkpoint .. make sure traffic from/to the IP VPN pool is allowed and NOT nated on the checkpoint firewall and of course make sure the checkpoint and whatever is branched out of its interfaces know the way back to the IP pool.

0 Helpful
Customers Also Viewed These Support Documents