[EMAIL PROTECTED] wrote: > > The idea is to install CheckPoint VPN-1 SecureClients (v4.1 SP5 3DES) on > external network PCs to have them vpn through the remote network Cisco > PIX firewall to our CheckPoint VPN-1/FW-1 (currently version 4.1 SP5). > > I'm lookiing for possible issues with encrypted CP packets getting > through Cisco PIX firewall - any ideas, please ?
Two "if"s here: - IF the pix is picky about layer size mismatches and - IF checkpoint still hasn't fixed their broken encapsulation, the problem is probably checkpoint encapsulation building b0rken datagrams. I don't remember the specifics, but we got a support case a while ago with someone running checkpoint VPNs through our boxes, and having our stuff complain about layer size mismatches. I think it was something like the IP header saying the datagram had 1480 bytes IP data and the UDP header saying the total UDP length was only 1472 bytes. (These two numbers should be identical). As I said, I'm not 100% sure about the specifics here. I could go dig in the support DB if you need more info. /Mikael -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com "Senex semper diu dormit" _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
