Re: How to pass IPSEC through FW-1 4.1?

From: Erik Miller (bopew2000_at_yahoo.com)
Date: 07/06/03


Date: Sat, 05 Jul 2003 23:05:19 GMT

Yeah, you probably are right. I am using a PIX 6.2 and Cisco VPN client 4.01.
Thanks a lot!

"//_YoYo_//)" <paul_dawson2003@hotmail.com> wrote in message
news:98f77ca7.0307040147.4b14c63@posting.google.com...
> "Erik Miller" <bopew2000@yahoo.com> wrote in message news:<XENMa.46654$T85.5397248@news1.telusplanet.net>...
> > Hi Guys,
> >
> > I don't know much about the IPSEC and firewall stuff, but I need to get a
> > VPN set up.
> >
> > My network is like this:
> >
> > Cisco VPN Client --> FW-1 4.1 (NAT) --> Internet --> Cisco PIX firewall/VPN Server
> >
> > I am trying to set up FW-1 4.1 to pass IPSEC traffic through, but so far I
> > have tried both Transport and Regular (Tunnel?) mode without any luck.
> >
> > I added a rule to accept any IPSEC service between FW-1 4.1 and Cisco PIX
> > firewall.
> >
> > I am pretty sure PIX VPN server is OK, since I have successfully connected
> > to it with the PC connecting directly to Internet.
>
> I'll bet the problem is NOT on the checkpoint firewall.
>
> If you are coming from behind a device that is natting (CP-FW1), you
> need to ensure that the pix is version 6.3 / concentrator version is
> 3.5 /client is version 3.5.
>
> Pix only supports IPSEC over UDP in version 6.3 and later since the
> NAT traversal has been added. It will only support IPSEC over TCP with
> the concentrator.


