This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Checkpoint Secure Client behind ASL

Hi all,

I have an Astaro Secure Gateway 6.101 - home user Edition - running to protect my private LAN.

To have a more powerful connection to the company I work, I'd like to connect via DSL to the company, useing the Checkpoint Secure Client on my Workstation.

The layout would look like this;

- - --- ---

For several reasons I don't want to establish a tunnel between the two firewalls.

I have no idea if this could work by opening some outgoing ports on the Astaro, or are there unrecoverable problems to expect, for instance due to NATting the CP Client ?

Tank you very much for comments.

This thread was automatically locked due to age.

Parents

0 NimmdirKeks over 20 years ago

Should be possible. The CP Client supports NAT-Traversal (going out over a NAT gateway).

Ports you need to ALLOW on the Astaro:
From Internal to External
Protokoll ESP
Protokoll AH
Port UDP 500 (ISAKMP)
Port UDP 4500 (Nat-Traversal)

Chris
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 NimmdirKeks over 20 years ago

Should be possible. The CP Client supports NAT-Traversal (going out over a NAT gateway).

Ports you need to ALLOW on the Astaro:
From Internal to External
Protokoll ESP
Protokoll AH
Port UDP 500 (ISAKMP)
Port UDP 4500 (Nat-Traversal)

Chris
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Gpenne over 20 years ago in reply to NimmdirKeks

Indeed it poses no problem. Been using it for a while now.
I just put 1 rule that allowed udp/500 (IKE) and udp/2746 (udp-encapsulation) outgoing.

ASL 6.101
Cancel
Vote Up 0 Vote Down

Cancel
0 Wolperdinger over 20 years ago in reply to Gpenne

Thank you very much for your replies - I'll hopefully have a try this weekend.

With regards

Wolperdinger
Cancel
Vote Up 0 Vote Down

Cancel