This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CheckPoint SecuRemote VPN-Client through Astaro V4

Hi there,
I´m trying to connect my CheckPoint SecuRemote Client to our branch office. I´ve tried with Packet Filter any to any service any. The client got a timeout.
Anyone out there with the same problem?? Or any idea!?
Greetz

This thread was automatically locked due to age.

0 gnujuba over 22 years ago

hi,

1a)
- if you want to nat more than one connection, you have to enable udp encapsulation in your vpn client. look into your users.C file  and set "force_udp_encapsulation" to true. in new checkpoint clients you can  do this by enabling udp encaps somewhere in the gui.
- if you dont like your any any rule add a service "udp dst port 2746". this service will be used for the udp encapsulation.
1b)
-  if only one connection over asl is needed, just add an new service for PROTOCOL 50 an 51 (esp and ah) with all possible SPIs. (maybe you need this for 1a as well)
- dont forget to allow/nat protocols ESP and AH.

2) for key exchange you need to nat udp port 500 (both source and dst.) (your any any rule should work)

now try again and allways look at your dropped packets....
(in my case there were some dropped packets for tcp port 264 and some packets for udp dst. port 500 with source port higher than 1024 ... just add new services ....)

best site for checkpoint help:
http://www.phoneboy.com/
NAT and securemote:
http://www.phoneboy.com/fom-serve/cache/89.html

hava fun...

gnjb
Cancel
Vote Up 0 Vote Down

Cancel