New Member

VPN Client of Cisco, behind a Checkpoint Firewall.

Hi,

I am using a Cisco VPN client to log into my network. My network's FW is a Cisco PIX. The problem is that I cannot use it whenever I am in a network that has a Checkpoint firewall (NAT & inspection).

What can I do?

Thanks,

Lior

Cisco Employee

Re: VPN Client of Cisco, behind a Checkpoint Firewall.

Hi Lior,

If you are using the Cisco VPN Client behind a PAT device and terminating your IPsec connection on a PIX, then this scenario will not work because IPsec uses UDP port 500 and protocol 50 (ESP).

You have to do a one-to-one static translation for the client and use a fully routable IP address, and then it will work fine.

If you are terminating the IPsec connection on a VPN3000, then IPSec Over UDP/TCP might be an option for you.

You can refer to the URL below for the same:

http://www.cisco.com/warp/public/471/nat_trans.html

Regards,

Arul
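
The reply above turns on what a port-translating NAT can see in each packet: IKE on UDP port 500 has port fields, while ESP (IP protocol 50) begins with an SPI and sequence number and has none. The following is an added example, not part of the original thread: it parses three constructed packets and reports which ones carry ports. The addresses, the SPI value and UDP port 10000 for the encapsulated case are constructed sample values.

```python
import struct

ESP, UDP, TCP = 50, 17, 6  # IP protocol numbers

def ipv4(proto, src, dst, payload):
    """Minimal IPv4 packet for the samples (header checksum left at 0)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, addr(src), addr(dst)) + payload

def udp(sport, dport, payload):
    """UDP header (checksum left at 0) followed by the payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def esp(spi, seq, body=b"\x00" * 16):
    """ESP header: SPI and sequence number, then opaque (encrypted) data."""
    return struct.pack("!II", spi, seq) + body

def pat_view(packet):
    """Report the fields a port-translating NAT could key a translation on."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, l4 = packet[9], packet[ihl:]
    if proto in (UDP, TCP):
        sport, dport = struct.unpack("!HH", l4[:4])
        return {"proto": proto, "has_ports": True, "sport": sport, "dport": dport}
    if proto == ESP:
        spi, _seq = struct.unpack("!II", l4[:8])
        # ESP starts with SPI + sequence number; there is no port to rewrite.
        return {"proto": proto, "has_ports": False, "spi": spi}
    return {"proto": proto, "has_ports": False}

def classify_samples():
    """Classify three constructed packets from a client to a VPN gateway."""
    client, gw = "192.168.1.10", "203.0.113.5"   # constructed addresses
    samples = {
        "ike": ipv4(UDP, client, gw, udp(500, 500, b"\x00" * 28)),
        "esp": ipv4(ESP, client, gw, esp(0x1000ABCD, 1)),
        # ESP carried inside UDP; port 10000 is a constructed sample value.
        "esp_in_udp": ipv4(UDP, client, gw, udp(10000, 10000, esp(0x1000ABCD, 1))),
    }
    return {name: pat_view(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, view in classify_samples().items():
        print(f"{name:12} {view}")
```
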
