Firewall Wizards mailing list archives

RE: Checkpoint VPN


From: David West <davidawest () gmail com>
Date: Wed, 20 Jul 2005 15:39:17 +1000

Sounds like your ike/udp is fragmenting somewhere between the client
and your firewall. This almost always occurs with x.509 certificate
authentication, as the cert is too big for a standard Ethernet frame
and is dropped by many cable/dsl routers. Try using ike/tcp. On your
gateway(s) enable Support IKE over TCP in global properties, and
enable the following in SecureClient for your site's profile:

+ Connectivity enhancements
+ Use NAT traversal tunneling
  - IKE over TCP
  - Force UDP encapsulation

David

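To make the fragmentation point above concrete, here is an added example (not part of the original post or any Check Point code) that models how a certificate-sized IKE message splits into IPv4 fragments at a 1500-byte MTU. Message sizes and the stateless "allow udp/500" filter are constructed assumptions; the one fact the model rests on is that only the first fragment carries the UDP header, so a router matching on port numbers alone cannot classify the rest.

```python
import struct

MTU = 1500       # standard Ethernet payload: the limit the thread is hitting
IP_HDR = 20      # IPv4 header without options
UDP_HDR = 8
ISAKMP_HDR = 28  # fixed ISAKMP/IKE header that starts every IKE message

def ip_fragments(udp_payload: bytes, mtu: int = MTU, sport: int = 500, dport: int = 500):
    """Model the IPv4 fragments a host emits for one UDP datagram.

    Simplified on purpose: no IP options, no checksums. Each entry describes
    one packet on the wire; only the first carries the UDP header (and so the
    port numbers), which is all a stateless SoHo filter has to match on.
    """
    datagram = struct.pack("!HHHH", sport, dport, UDP_HDR + len(udp_payload), 0) + udp_payload
    max_data = (mtu - IP_HDR) // 8 * 8   # fragment data is a multiple of 8 bytes
    frags, off = [], 0
    while off < len(datagram):
        chunk = datagram[off:off + max_data]
        frags.append({
            "offset": off,
            "more_fragments": off + len(chunk) < len(datagram),
            "has_udp_header": off == 0,
            "wire_length": IP_HDR + len(chunk),
        })
        off += len(chunk)
    return frags

def stateless_udp500_drops(frags):
    """Count fragments a stateless 'allow udp/500' rule cannot classify and so drops."""
    return sum(1 for f in frags if not f["has_udp_header"])

def ike_exchange_survives(frags):
    """The peer can only reassemble the IKE message if every fragment arrives."""
    return stateless_udp500_drops(frags) == 0

# Constructed sample messages (sizes are illustrative, not captured traffic):
PSK_IKE_MSG = bytes(ISAKMP_HDR) + bytes(200)     # pre-shared-key main mode: small
CERT_IKE_MSG = bytes(ISAKMP_HDR) + bytes(1600)   # same exchange carrying an X.509 cert chain

if __name__ == "__main__":
    for name, msg in (("psk", PSK_IKE_MSG), ("x509", CERT_IKE_MSG)):
        frags = ip_fragments(msg)
        print(name, len(frags), "fragment(s),",
              stateless_udp500_drops(frags), "dropped by a stateless udp/500 rule,",
              "exchange completes" if ike_exchange_survives(frags) else "exchange stalls")
```

Moving IKE to TCP (or UDP encapsulation with a small enough segment size) sidesteps this because every TCP segment carries its own transport header.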

-----Original Message-----
From: QTR [mailto:tmwhitm () gmail com]
Sent: Wednesday, 13 July 2005 12:09 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Checkpoint VPN


Hello, I was wondering if someone could point me in the right
direction.  I have come off a long run of managing Cyberguard
firewalls and am now in the Checkpoint realm, so forgive my ignorance.
I am having an issue with secure client.  I have several SoHo users
whose default routers place them on a 172.16.0.0 network.  These users
cannot connect to the gateway.  Dumps on the checkpoint fw gateway
show no incoming packets, and a dump on the client shows udp 500 leaving
the client, which leads me to the router/firewall @ the SoHo.  Router
makes vary, anywhere from 2wire to Netgear; the result is the same.  I
initially thought it had something to do with the routing topology,
since our topology pushes a static route for a 172 network, but I had
the SoHo router changed to a 10 network that is statically routed in
the topology and that worked fine.  At this point I am at a loss.  Any
suggestions would be appreciated.

Thank you,
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards