Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Checkpoint VPN client from behind a PIX

Hi All.

We have a PIX natting our LAN to the Internet (1 public IP address only).

There's also a VPN lan-to-lan to a second site, and from our LAN we can use the Cisco VPN client to connect to several other remote sites.

The problem arises using the Checkpoint VPN client ("visitor" mode) to connecto to a remote site protected by a Checkpoint fw. I installed it on a laptop, and if I dial-in onto the Internet I do connect to that remote site without problems, but if I'm inside our LAN traffic gets stopped somewhere.

I suspect that the ISAKMP traffic gets "captured" by the lan-to-lan tunnel. Could it be the case?

Any hints?



Re: Checkpoint VPN client from behind a PIX

Its not quite clear to me on what you meant by "ISAKMP traffic gets "captured" by the lan-to-lan tunnel". Does this traffic travese through PIX? If yes, check the PIX to see if your NAT commands allow this traffic to go from inside to outside.

New Member

Re: Checkpoint VPN client from behind a PIX

As per the security standrad for remote client ,Split tunnel is diabled on the Checkpoint VPN gateway or VPN Client. This might Block your LAN traffic. Enable Split tunnel will help you to solve the problem

New Member

Re: Checkpoint VPN client from behind a PIX

My understanding is CheckPoint visitor mode use tcp 443. Check if tcp 443 is allowed through your PIX. If you use a proxy server set proxy setting in Visitor mode.

CheckPoint VPN client has a good tool "srfwmon.exe". Try srfwmon to monitor traffic in and out of the client PC.

CreatePlease login to create content