I have been trying to setup an IPSec Tunnel between VPN3000 and Checkpoint Fw1, but it doesnt seem to work. I have done the setup based on Cisco documents. Also the box to which i am trying to setup the IPSec tunnel with is behind another PIX FW which is between the Checkpoint FW1 and the end machine. Any help is welcomed....
You could turn on the following event logs on the concentrator:
log event 1-9 and see the filterable event log as you establish connection with the checkpoint and see what is not matching in phase 1 and/or 2. Also try to see if you could modify the IKE proposal on the 3000 to use DH group 1 rather 2, as sometimes Checkpoint doesn't want group 2.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...