Title: Checkpoint VPN-1 and Cisco PIX VPN

I am trying to get a workstation sitting behind a PIX515 firewall with VPN license to connect to a server sitting behind a Checkpoint firewall running VPN-1.  Here is the response I got back from a Cisco Engineer:

                          After consulting with Checkpoint support, it was concluded that unless

                          Cisco has a way of tunneling the packet thru the natting device the Checkpoint

                          Firewall would always drop the packet because of checksum differences.  What

                          happens is the checksum generated of the pix is done using the main ip address of

                          the device. When the Checkpoint firewall verifies the checksum it does so

                          with the virtual address, the one found as the source address in the packet. The

                          verification thus fails and the packet is dropped.

Any help would be appreciated.

Reply via email to