This sample configuration demonstrates how to form an IPSec tunnel with pre-shared keys to join two private networks. In our example, the joined networks are the 192.168.1.X private network inside the Cisco Secure PIX Firewall (PIX) and the 10.32.50.X private network inside the Checkpoint. It is assumed that traffic from inside the PIX and from inside the Checkpoint 4.1 Firewall to the Internet (represented here by the 172.18.124.X networks) already flows before you begin this configuration.
Thank you. The tunnels were coming up; however, the Checkpoint box kept trying to build another IPsec session inside the tunnel. This is because the Checkpoint box was configured to send tunnel test packets. Adding in an ACL for interesting traffic to permit the Checkpoint peer to Cisco peer allows this IPsec session to be created and the messages have stopped.
Presumably the Checkpoint box could be configured to not send these packets as well.
Could you provide some more detail on this fix? I am having the same problem between a Checkpoint and our new ASA. Tunnel works but I get errors and users do experience some session issues to a server.
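The behaviour described in the comments above, as a simplified model added here as an example (it is not part of the original thread and not Cisco or Checkpoint code): it checks which phase 2 selector pairs an interesting-traffic ACL covers, before and after the host-to-host peer entry is added. The peer addresses are constructed samples in the 172.18.124.X range, and treating a proposal as accepted when it falls inside one ACL entry is an assumption.

```python
from ipaddress import ip_network

# Constructed sample addresses: the page gives only the 172.18.124.X range,
# not the actual peer addresses.
PIX_PEER = "172.18.124.10/32"
CHECKPOINT_PEER = "172.18.124.20/32"
PIX_LAN = "192.168.1.0/24"
CHECKPOINT_LAN = "10.32.50.0/24"


def find_match(crypto_acl, proposed_local, proposed_remote):
    """Return the first ACL entry covering a proposed phase 2 selector pair.

    crypto_acl is a list of (local, remote) networks from the PIX's point of
    view. Assumption: a proposal is accepted when both selectors fall inside
    one entry; real devices may be stricter (exact match).
    """
    local = ip_network(proposed_local)
    remote = ip_network(proposed_remote)
    for entry in crypto_acl:
        acl_local, acl_remote = (ip_network(n) for n in entry)
        if local.subnet_of(acl_local) and remote.subnet_of(acl_remote):
            return entry
    return None


def audit(crypto_acl, proposals):
    """Map each named proposal to the matching entry, or None if rejected."""
    return {name: find_match(crypto_acl, loc, rem)
            for name, (loc, rem) in proposals.items()}


# Proposals as the PIX sees them (local selector first).
PROPOSALS = {
    "lan-to-lan": (PIX_LAN, CHECKPOINT_LAN),
    "tunnel-test": (PIX_PEER, CHECKPOINT_PEER),  # Checkpoint peer to Cisco peer
}

ORIGINAL_ACL = [(PIX_LAN, CHECKPOINT_LAN)]
# The fix from the comment: one host-to-host entry for the two peers only.
FIXED_ACL = ORIGINAL_ACL + [(PIX_PEER, CHECKPOINT_PEER)]

if __name__ == "__main__":
    for label, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        for name, hit in audit(acl, PROPOSALS).items():
            print(f"{label:8} {name:12} -> {hit or 'no matching entry'}")
```

Keeping the added entry scoped to the two peer hosts, rather than the whole 172.18.124.X range, means no other outside address gains a matching selector.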
Introduction: This document describes details on how NAT-T
works. Background: ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...