Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 998 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Checkpoint NG and ASL

ScottA
I have a Checkpoint NG client inside my ASL trying to connect to a Checkpoint Firewall at a client site.  I can make a connection when I move the client outside ASL, but when behind the firewall I cannot connect.  I used a previous post to define the following services and rules:

Services:
Name Protocol S-Port/Client D-Port/Server
Checkpoint udp 2746 2746
Cisco xout udp 1024:65535 62516
IKE udp 500:500
ESP SPI 256:42949672

Filter Rules:
From (Client) Service To (Server) Action
Internal Network__Cisco xout Broadcast Allow
Internal Network__Checkpoint Any Allow
Internal Network__ISAKMP Any Allow
Internal Network__ESP Any Allow
Remote Network__ISAKMP Internal Network Allow
Remote Network__ISAKMP External_Interface Allow
Remote Network__ESP Internal Network Allow
Internal Network__IKE Remote Network Allow
Remote Network__IKE Internal Network Allow

Any help would be greatly appreciated.

Thanks!
    


This thread was automatically locked due to age.
Parents
  • 0
    Post your logs! (from the time you were trying to do this; watch long lines please, sanitize IPs...)  
  • 0 in reply to SecApp
    Well, part of my problem is that I am not seeing much log activity regarding this issue.  I checked both the packet filter log and kernel log, and neither had any logging pertaining to what I am doing. Are there any more logs that I should check?  The only log I am getting is coming from the Checkpoint NG client and it says:  
    Connecting to gateway... 
    Error: Communication with gateway abcd at site 1.2.3.4 failed.
    Gateway not responding
    Connection failed.
      
  • 0 in reply to ScottA
    Short of somebody who has had firsthand experience with NG, you're going to have to run a network trace to figure out what's going on.

    I found a discussion of somebody else using netfilter having similar problems: Checkpoint VPN through Iptables

    Let's see if somebody else has worked with NG client; I have not...
       
Reply Children
No Data
Cookie Information Banner