I am trying to get a workstation sitting behind a PIX515 firewall with VPN license to connect to a server sitting behind a Checkpoint firewall running VPN-1. Here is the response I got back from a Cisco Engineer:
After consulting with Checkpoint support, it was concluded that unless
Cisco has a way of tunneling the packet through the NAT device, the Checkpoint
firewall would always drop the packet because of checksum differences. What
happens is the checksum generated on the PIX is done using the main IP address of
the device. When the Checkpoint firewall verifies the checksum, it does so
with the virtual address, the one found as the source address in the packet. The
verification thus fails and the packet is dropped.
Any help would be appreciated.
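
Added example (not part of the original post or the engineer's reply): a Python sketch of the failure the quoted response describes, assuming the "checksum" is a keyed integrity value that covers the IP source address, as in IPsec AH. The key, addresses and payload are constructed, the tag is carried outside the packet for brevity, and IP-in-IP stands in for whatever encapsulation would carry the packet through the NAT device.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-shared-key"  # constructed sample key (assumption)

def ip_checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def finish(hdr: bytearray, payload: bytes) -> bytes:
    """Recompute the IPv4 header checksum and reattach the payload."""
    hdr[10:12] = b"\0\0"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + payload

def build_ipv4(src, dst, payload, proto, ttl=64):
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                                ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst)))
    return finish(hdr, payload)

def icv(packet):
    """Keyed integrity value over the packet, mutable header fields zeroed (AH-style)."""
    hdr = bytearray(packet[:20])
    hdr[1] = hdr[8] = 0              # TOS and TTL legitimately change in transit
    hdr[6:8] = hdr[10:12] = b"\0\0"  # flags/fragment offset and header checksum
    return hmac.new(KEY, bytes(hdr) + packet[20:], hashlib.sha1).digest()[:12]

def verify(packet, tag):
    return hmac.compare_digest(icv(packet), tag)

def router_hop(packet):
    hdr = bytearray(packet[:20])
    hdr[8] -= 1                      # ordinary forwarding: TTL decrement only
    return finish(hdr, packet[20:])

def nat_rewrite(packet, new_src):
    hdr = bytearray(packet[:20])
    hdr[12:16] = socket.inet_aton(new_src)  # NAT replaces the source address
    return finish(hdr, packet[20:])

def demo():
    sent = build_ipv4("192.0.2.10", "203.0.113.5", b"constructed payload", proto=51)
    tag = icv(sent)                  # sender computes it over its own ("main") address
    natted = nat_rewrite(sent, "198.51.100.7")
    # Tunnelled case: the protected packet rides as the payload of an outer packet
    outer = nat_rewrite(build_ipv4("192.0.2.10", "203.0.113.5", sent, proto=4), "198.51.100.7")
    return {"ttl_only": verify(router_hop(sent), tag),
            "after_nat": verify(natted, tag),
            "tunnelled_inner": verify(outer[20:], tag)}

if __name__ == "__main__":
    print(demo())
```

Only the outer header is rewritten in the tunnelled case, so the inner packet still verifies against the address the sender used.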
