If you are using Nokia...
I saw the same problem with Cisco VPN client through Nokia and IPSO 3.8
Nokia Resolution 21405 said to try ipsofwd slowpath.
This worked, but only on a single module.
It did not work through a VRRP pair.

>Subject: [FW-1] VPN client through FW-1 NG AI R55
>
>Greetings,
>
>I'm trying to use an AT&T supplied VPN client through our internal FW to
>connect to an AT&T controlled VPN server.  The VPN is established but I
>can't fully communicate unless I configure a one-to-one NAT.  The client is
>configured to use UDP encapsulation, but it's not used by the client.
>During the ISAKMP negotiation I see that FW-1 does not change the source
>port of the negotiations (UDP 500  <--> UDP 500).  I believe this is
>confusing the remote VPN server (which I suspect is looking for a NAT-T type
>translation) and it is not requesting UDP encapsulation.
>
>Anyone see this before (I've had no luck in the archives.)
>
>Does anyone know of a way to force FW-1 to perform source port translation
>on ISAKMP negotiation?

>Thanks,

>-Steve S.
