awgooch
asked on
Allow CheckPoint SecureClient connection though PIX 501
What are the exact configuration changes necessary to allow a Check Point SecureClient to connect to a VPN while behind a PIX 501? Or before the question can be answered what info do I need.
SecureClient gives me 2 NAT traversal mechanisms
1) Support IKE over TCP
2) Force UDP Encapsulation
Pix Version 6.3(1)
PDM Version 3.0(1)
Inside Interface 139.126.X.X
Outside Interface PPPoE (66.220.x.x)
SecureClient gives me 2 NAT traversal mechanisms
1) Support IKE over TCP
2) Force UDP Encapsulation
Pix Version 6.3(1)
PDM Version 3.0(1)
Inside Interface 139.126.X.X
Outside Interface PPPoE (66.220.x.x)
ASKER
Can you tell me more about the static 1-1 nat map using a spare puplic IP?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
2) use the command "isakmp nat-traversal 20"
3) set client to force UDP encap (requires configuration on the Check Point end to allow this)
Alternative to upgrading:
1) Create a static 1-1 nat map using a spare public IP
2) set client for either TCP or UDP (depending on how the Check Point end is set up)