<div>
1) upgrade PIX to 6.3(3) to enable nat-traversal<br />
2) use the command &quot;isakmp nat-traversal 20&quot;<br />
3) set client to force UDP encap (requires configuration on the Check Point end to allow this)<br />
<br />
Alternative to upgrading:<br />
1) Create a static 1-1 nat map using a spare public IP<br />
2) set client for either TCP or UDP (depending on how the Check Point end is set up)
</div>


1) upgrade PIX to 6.3(3) to enable nat-traversal
2) use the command "isakmp nat-traversal 20"
3) set client to force UDP encap (requires configuration on the Check Point end to allow this)

Alternative to upgrading:
1) Create a static 1-1 nat map using a spare public IP
2) set client for either TCP or UDP (depending on how the Check Point end is set up)

<div>
Can you tell me more about the static 1-1 nat map using a spare puplic IP?
</div>


Can you tell me more about the static 1-1 nat map using a spare puplic IP?

<div>
<div class="content wysiwyg-content">
What are the exact configuration changes necessary to allow a Check Point SecureClient to connect to a VPN while behind a PIX 501? Or before the question can be answered what info do I need.<br />
SecureClient gives me 2 NAT traversal mechanisms<br />
1) Support IKE over TCP<br />
2) Force UDP Encapsulation<br />
<br />
Pix Version 6.3(1)<br />
PDM Version 3.0(1)<br />
Inside Interface 139.126.X.X<br />
Outside Interface PPPoE (66.220.x.x)<br />

</div>
</div>


What are the exact configuration changes necessary to allow a Check Point SecureClient to connect to a VPN while behind a PIX 501? Or before the question can be answered what info do I need.
SecureClient gives me 2 NAT traversal mechanisms
1) Support IKE over TCP
2) Force UDP Encapsulation

Pix Version 6.3(1)
PDM Version 3.0(1)
Inside Interface 139.126.X.X
Outside Interface PPPoE (66.220.x.x)


Allow CheckPoint SecureClient connection though PIX 501

Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Software Firewalls

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).