Mikael,

I'd really appreciate if you could confirm this - I really have to know if I'm going to be successful with sending encrypted CP SecuRemote packets through Cisco PIX firewall before I deploy it.

Thanks,
Artur



Mikael Olsson <[EMAIL PROTECTED]>

05/14/2002 02:00 PM

       
        To:        [EMAIL PROTECTED]
        cc:        [EMAIL PROTECTED]
        Subject:        Re: Any experience with CheckPoint VPN client getting through Cisco PIX firewall?




[EMAIL PROTECTED] wrote:
>
> The idea is to install CheckPoint VPN-1 SecureClients (v4.1 SP5 3DES) on
> external network PCs to have them vpn through the remote network Cisco
> PIX firewall to our CheckPoint VPN-1/FW-1 (currently version 4.1 SP5).
>
> I'm looking for possible issues with encrypted CP packets getting
> through Cisco PIX firewall - any ideas, please ?

Two "if"s here:
- IF the pix is picky about layer size mismatches
and
- IF checkpoint still hasn't fixed their broken encapsulation,

the problem is probably checkpoint encapsulation building b0rken
datagrams. I don't remember the specifics, but we got a support
case a while ago with someone running checkpoint VPNs through our
boxes, and having our stuff complain about layer size mismatches.
I think it was something like the IP header saying the datagram
had 1480 bytes IP data and the UDP header saying the total UDP
length was only 1472 bytes. (These two numbers should be identical).

As I said, I'm not 100% sure about the specifics here. I could
go dig in the support DB if you need more info.

/Mikael

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

"Senex semper diu dormit"

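The layer size check described in the reply above, as an added example that is not part of the original thread and is not Clavister's or Cisco's code: it parses an unfragmented IPv4/UDP datagram and compares the IP payload length with the UDP header's length field. The function names, addresses and ports are hypothetical, and the sample datagrams are constructed from the 1480/1472 figures quoted in the message.

```python
import struct

def check_udp_layer_sizes(datagram: bytes) -> dict:
    """Compare the IPv4 payload length with the UDP header's own length field."""
    if len(datagram) < 20:
        raise ValueError("too short for an IPv4 header")
    ver_ihl, _tos, total_len = struct.unpack("!BBH", datagram[:4])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4                    # header length in bytes
    if ihl < 20 or total_len < ihl + 8 or len(datagram) < ihl + 8:
        raise ValueError("bad header length or truncated datagram")
    if datagram[9] != 17:
        raise ValueError("not UDP")
    flags_frag = struct.unpack("!H", datagram[6:8])[0]
    if flags_frag & 0x3FFF:                       # MF flag set or offset != 0
        raise ValueError("fragment: UDP length describes the reassembled datagram")
    ip_payload = total_len - ihl                  # what the IP layer says it carries
    udp_length = struct.unpack("!H", datagram[ihl + 4:ihl + 6])[0]
    return {"ip_payload": ip_payload, "udp_length": udp_length,
            "consistent": ip_payload == udp_length}

def build_sample(ip_payload_len: int, udp_len_field: int) -> bytes:
    """Constructed IPv4+UDP datagram (checksums left at zero, not captured traffic)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + ip_payload_len, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    udp = struct.pack("!HHHH", 40000, 40001, udp_len_field, 0)
    return ip + udp + bytes(ip_payload_len - 8)

if __name__ == "__main__":
    # IP says 1480 bytes of data, UDP says 1472: the mismatch described above.
    print(check_udp_layer_sizes(build_sample(1480, 1472)))
    # Well-formed encapsulation: both layers agree.
    print(check_udp_layer_sizes(build_sample(1480, 1480)))
```
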