netscreen support checkpoint secureclient 4.1

[antonyso88]

I have a user running secureclient 4.1 (very old version :{ ) through our netscreen 5.0.0 version. After i upgrade the netscreen to 5.3.0, the connection is failed.

Do anyone has my similar experience?

[gavvys]

Hi
Well I have discussed your problem with my Netscreen friends but they havn't faced any such issue.
Make sure that Ports 500 and 4500 are open at the Firewall.
Let me know what do you see in the smartview logs.Do you get any logs or not?Also check the Netscreen logs also.

Please let me know we will troubleshoot the issue.

Regards
Ranjit

[antonyso88]

I can't check the smartview side as it is another company. I just can see the netscreen log. But unfortunately, i can't see any log in the netscreen. In addition, i also set the service the "ANY" but still failed.

I am thinking this version is not compatiable with netscreen 5.3 version.

Below is a bug i found in checkpoint secureclient 4.1

UDP encapsulated packets do not reach the destination

Solution ID: skI4512
Creation Date: 09/09/2001
Revised Date: 04/18/2002

Environment: FireWall-1 4.1 SP4, VPN-1 4.1 SP4, SecuRemote 4.1 SP4, UDP Encapsulation, Cisco PIX, Intrusion detection

Symptoms:
UDP encapsulated packets do not reach the destinationUDP Encapsulated packets report about incorrect packet sizeUDP encapsulated packets are dropped by Cisco PIX with intrusion detection software installed

Cause:
In UDP encapsulated packet, the total packet length does not match the actual packet size. The UDP header does not include the 8 bytes for the header size. In the header, the number of bytes of data is used as the "length" of the UDP packet. If the 20 bytes of the IP header are added, the overall length of the packet is 8 bytes shorter than the length reported in the IP field "Total length". This appears to be a problem only if there is an intrusion detection device monitoring the network.

Solution:
Solution is yet not available. Currently under investigation.