Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
353
Views
0
Helpful
1
Replies

VPN Client of Cisco, behind a Checkpoint Firewall.

l.aviv
Level 1
Level 1

‎12-23-2002 05:23 AM - edited ‎02-21-2020 12:15 PM

Hi,

I am using a cisco VPN client to log into my network. my network's FW is a cisco pix. the problem is that can not use it whenever I am in a network that has a checkpint firewall (NAT & inspection).

What can I do?

Thank's,

Lior

Labels:
0 Helpful
1 Reply 1

ajagadee
Cisco Employee
Cisco Employee

‎12-23-2002 11:00 AM

Hi Lior,

If you are using Cisco VPN Client behind a PAT device and terminating your ipsec connection on a Pix, then this scenario will not work cos IPSec uses UDP Port 500 and Protocol 50 (ESP).

You have to do a One to One static Translation for the client and use a full routable ip address and then it will work fine.

If you are terminating the ipsec connection on a VPN3000, then IPSec Over UDP/TCP might be an option for you.

You can refer the below URL for the same:

http://www.cisco.com/warp/public/471/nat_trans.html

Regards,

Arul

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents