Securemote Linux Firewall cisco router 827

[haralambop]

I have follow topology:


Internal network Linux firewall (ipcop) cisco router 827
192.168.169.0/24 --- 192.168.169.10 10.99.99.2 10.99.99.1 - internet --- Checkpoint server FW1 -- 172.26.xx.yy

From my ISP i have 8 static IPS.
A have a pc running securemote NGX R60 on the 192.168.169.0 network
and in the linux firewall i have nat(ed) one of the eights IPs them (hide nat).
I can successfully connect to remote checkpoint-server (phase1), also authenticate (phase2).
Unfortunately i cannot make a connection to a remote sql-server on the checkpoint side
on the network 172.26.xx.yy.

[RobertGraham]

Make sure you have UDP encapsulation set on the SecuRemote client. Also, you want to check the logs that the proper port is open on your Linux firewall.

Also, please post the logs from the Check Point to see what's happening on that side. Are packets dropped? Do they ever arrive?

[haralambop]

Make sure you have UDP encapsulation set on the SecuRemote client.
Yes i have enabled this.
Also, you want to check the logs that the proper port is open on your Linux firewall.
I have open all incomming - ougoing ports for all protocols (tcp/upd/gre) for this
client.
Also, please post the logs from the Check Point to see what's happening on that side. Are packets dropped? Do they ever arrive?
Unfortunatly i d'not have any access to other side ( check point).

I have changed my topology

192.168.169.0/24 --- 192.168.169.10 official-ip1 official-ip2 - internet --- Checkpoint server FW1 -- 172.26.xx.yy

If i bypass the firewall and connect the pc direct behind the cisco router, i
d'not have any problem!