CPUG - The Check Point User Group
A Resource For The Check Point Community. Fast. Useful. Independent.
Have FWs set up using one for trusted and one for DMZ (physically two separate boxes), coming from a Nokia environment to basically SPLAT on CP boxes. From trusted to DMZ, use a hide NAT for VPNs; for example, 172.16.1.50 would be hide NATed on the DMZ for Trusted to use. The problem is VPNs are not able to pass traffic. Have used Manual NAT and Automatic NAT; the far end doesn't see any traffic, able to encrypt and create the tunnel but not able to pass traffic. This is with several vendors as well as site to site from the UTM box back to the Nokias at the main site. Have manually added a proxy-arp table in the Linux portion; this is how conditional NATs are working for all devices terminating in networks. Is there anything different for standing up VPNs on the UTM boxes? The problem is with PIX/Concentrator/Cisco routers with VPN modules and other Check Points.

VPN works fine with the UTM-1 Appliances. The issue is in your configuration. I'd be checking whether you are disabling NAT within your VPN community, and/or if your NAT rules are affecting VPN traffic. Have a look in the logs at the xlate_src values of the packets that aren't working.

To update the post with how this was fixed: had an ARP issue on the Trusted FW. Could see SYN/ACK on the DMZ but only SYN, so on the DMZ FW made a manual entry in the ARP table (created /etc/proxy-arp, pulled from rc.local so it survives a reboot) to point to the MAC address of the interface the Trusted FW has in that network. Ran netstat -rn, got the IP address to go to PERM, and all is working now.
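As an added example (not code from this thread, and not Check Point's own proxy ARP mechanism), the script below is the kind of loader one would call from rc.local to make published ARP entries survive a reboot, while validating each line so a typo in the file fails loudly at boot instead of silently leaving a hide NAT address unanswered. It assumes the entry file uses one "IP MAC" pair per line with '#' comments (the poster's /etc/proxy-arp layout is not shown), and uses the net-tools form `arp -s <ip> <mac> pub` for a published entry; the dry-run mode prints the commands without touching the ARP table.

```shell
#!/bin/sh
# Added example: load published (proxy) ARP entries from a file at boot.
# Assumed file format (not shown in the thread): one "IP MAC" pair per line,
# blank lines and '#' comments allowed. Path defaults to the poster's /etc/proxy-arp.

PROXY_ARP_FILE="${PROXY_ARP_FILE:-/etc/proxy-arp}"

# Validate a dotted-quad IPv4 address; returns 0 when well formed.
valid_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Validate a colon-separated MAC address (six hex pairs, any case).
valid_mac() {
  echo "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Turn one "IP MAC" line into the net-tools command that publishes it.
# Blank or comment-only lines print nothing and return 0; a malformed
# line returns 1 so the caller can report it.
arp_cmd_for_line() {
  line=$(echo "$1" | sed 's/#.*//')
  set -- $line
  [ $# -eq 0 ] && return 0
  [ $# -eq 2 ] || return 1
  valid_ipv4 "$1" || return 1
  valid_mac "$2" || return 1
  echo "arp -s $1 $2 pub"
}

# Read the file and either print (dry-run) or execute (apply) each entry.
# Returns non-zero if any line was rejected, so rc.local can log the failure.
load_proxy_arp() {
  file=$1
  mode=${2:-dry-run}
  rc=0
  while IFS= read -r line || [ -n "$line" ]; do
    cmd=$(arp_cmd_for_line "$line") || { echo "bad proxy-arp entry: $line" >&2; rc=1; continue; }
    [ -n "$cmd" ] || continue
    if [ "$mode" = apply ]; then
      $cmd
    else
      echo "$cmd"
    fi
  done < "$file"
  return $rc
}

# Stand-alone usage: "sh proxy-arp.sh --run" shows what rc.local would execute;
# "sh proxy-arp.sh --run apply" publishes the entries (needs root).
if [ "${1:-}" = "--run" ]; then
  load_proxy_arp "$PROXY_ARP_FILE" "${2:-dry-run}"
fi
```

After applying, `arp -an` should list each address with the PERM (and published) flags, which matches the "go to perm" check described in the fix; entries that never reach that state are the first place to look when a hide NAT address on the DMZ side is not answered.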