Sounds to my like you are using IKE.
According to what I've read, you have to switch to FWZ. Try that if you haven't.
Title: [FW1] SecuRemote client with unrouteable ip address
I am experiencing a problem involving an SR client with an
unroutable 192.168.x.y ip address behind a Hide NAT gateway.
This client can authenticate, but not connect to a server in
my Encryption Domain behind a v4.0 SP7 FW-1 box. I am using
ISAKMP 3DES and have followed all the Phoneboy FAQ's.I guess my basic question is can FW-1 handle the 192.168.x.y
ip address it sees when it decrypts & decapsulates the ip 50
packets it receives from the SR client mentionned above? The
last log message seen before things die is the below:keyinst fw >daemon proto ip src 192.168.1.3 dst ... srckeyid ... dstkeyid ...
rule 0 scheme: ISAKMP methods: Combined ESP: 3DES + SHA1 (phase 2 completion)Someone must have this working out there - am I missing something simple?
__________________________________________________
Do You Yahoo!?
Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
