| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| I am trying to diagnose the error message "communication with site xxx failed" on Secure Remote. I have tried telnetting into the external IP address of the firewall on port 500 from a remote laptop, but it fails. When I telnet into the inside IP address on port 500 it works fine. The VPN inside the network works fine. When I run netstat -a I see that it is listening on port 500. I am running Check Point NG with AI. The Secure Remote client is build 619. Where do I start? |
| |||
| If you can't connect to port 500 externally and you see the firewall listening on that port then I'm guessing your rulebase denied the connection. The log viewer should tell you why. Generally the Log Viewer (aka SmartView Tracker) is a good place to start for troubleshooting. |
| |||
| For testing purposes I manually added a rule at the top of my rulebase that allows any IP address to my firewall for port 500, but it is still denied. In the Log Viewer it comes across as accepted but nothing else. |
| |||
| Problem fixed. Ran a packet sniffer and noticed that everything going to my external interface for port 500 was attempting to be translated to an internal IP address on my network. After searching through my network objects I found an object being statically translated to my external firewall IP address. After removing that entry it fixed the problem. Thanks. |