Re: VPN Symantec Gateway Security - Checkpoint Firewall

sk71@xxxxxx wrote:
Hi all.

Can anybody help me with the following problem?

I have to connect a Symantec Gateway Security 5400 Series (SGS) to a
Checkpoint firewall. Only some clients behind the SGS should be able
to connect to the Checkpoint firewall per Checkpoint Client Software.

The Checkpoint Client Software tells me that the VPN connection works.
But I can't reach any host in the network behind the Checkpoint
Firewall. The Administrator of the Checkpoint Firewall (CPF) told me
that all packages leave the firewall correctly, so it seems the SGS is
probably not configured right.

A VPN connection without SGS, only the Checkpoint Client Software, is
working great.
So, the problem is really the SGS and its configuration.

What we do in these types of situations is a one-one NAT for each
internal IP that needs to connect. Most likely your SGS is not
allowing the packets back in. That is why I always test with a dial-up
connection first and then try from behind the firewall.

On the SGS side, set up a one-one NAT for each internal client to
one of your assigned external IPs and allow the necessary ports.