10-07-2003 08:27 AM - edited 02-21-2020 12:48 PM
When I try to use the VPN Client from behind a nokia or checkpoint firewall to another PIX it works fine. From behind a PIX it fails. All firewalls are doing PAT. It only works on a PIX if i create a static NAT translation to the device initiating the connection and allow IP any any to it (I know its very insecure but it was just for testing)
Any ideas??
10-07-2003 11:20 AM
It is hard to say what is happening without seeing the devices and the configurations. I have had to configure one to one nats in Checkpoints for this to work as well. One way that you could get around doing this is to use the isakmp nat traversal in the terminating pix and allow UDP 4500 thru PixA to PixBand you would not have a problem.
Regards,
Jason
10-08-2003 06:22 PM
Upgrade to 6.3 on the pix and add the following:
fixup protocol esp-ike
This will eliminate the need for the static NAT
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: