Are you running IKE?
If so, you need to go to the Encryption tab for your users (hope you don't
have too many in this situation), edit the IKE properties encryption tab
again, and make sure that the Transform radio button is set to ESP, not AH.
I can't remember the technical reason for it - it has something to do with
the checksum headers not including the original IP address.
You may also need to pinhole IP Type 50 on the remote firewall.
Cheers,
Craig
-----Original Message-----
From: Pere Camps [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 10 August 2000 9:48 p.m.
To: [EMAIL PROTECTED]
Subject: SecuRemote and NAT
Hi!
We're trying to set up FW-1 with SecuRemote which sits behind a
hide NATed firewall (1:n).
We've accomplished to get the key negotiation process OK (the log
shows it's fine and that it's coming from the NATed interface).
However, as soon as the key management is done, the FW-1 tries to
send the packets back to the IP of the original interface and not to the
NATed interface. And of course, those packets never get back to
SecuRemote.
We've tried with both hide (1:n) (the one we want to get it
working with) and static (n:n) (just for experimental purposes) and it's
not working.
We're using FW-1 4.1 SP2 with the latest SecuRemote. From the
docs, hide mode VPN should work with this new SP2 thanks to UDP
encapsulation.
Any hints on how to get this working would be greatly appreciated.
Regards,
-- p.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
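The ESP-versus-AH point in the reply above, as an added example that is not part of the original thread: a simplified model of why a hide-NAT source-address rewrite invalidates AH's integrity check value but not ESP's. The key, SPI, addresses and payload are constructed, and the ESP payload is left unencrypted as a stand-in for ciphertext.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"        # constructed sample key
IP_FMT = "!BBHHHBBH4s4s"             # 20-byte IPv4 header, no options

def ipv4_header(src, dst, proto, body_len, ttl=64):
    return struct.pack(IP_FMT, 0x45, 0, 20 + body_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    # AH zeroes fields that change in transit (TOS, flags/offset, TTL,
    # checksum) before hashing; source and destination addresses stay in.
    f = list(struct.unpack(IP_FMT, hdr))
    f[1] = f[4] = f[5] = f[7] = 0
    return struct.pack(IP_FMT, *f)

def icv(data):
    # HMAC-SHA1-96: HMAC-SHA1 truncated to 12 bytes
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def build(transform, src, dst, payload):
    spi_seq = struct.pack("!II", 0x1000, 1)          # constructed SPI, sequence 1
    if transform == "AH":                            # IP protocol 51
        ah = struct.pack("!BBH", 4, 4, 0) + spi_seq  # next hdr, length, reserved
        hdr = ipv4_header(src, dst, 51, len(ah) + 12 + len(payload))
        tag = icv(zero_mutable(hdr) + ah + bytes(12) + payload)
        return hdr + ah + tag + payload
    body = spi_seq + payload                         # ESP, IP protocol 50
    return ipv4_header(src, dst, 50, len(body) + 12) + body + icv(body)

def verify(packet):
    hdr, body = packet[:20], packet[20:]
    if hdr[9] == 51:   # AH: outer IP header is part of the authenticated data
        expect = icv(zero_mutable(hdr) + body[:12] + bytes(12) + body[24:])
        return hmac.compare_digest(body[12:24], expect)
    # ESP: only SPI, sequence number and payload are authenticated
    return hmac.compare_digest(body[-12:], icv(body[:-12]))

def hide_nat(packet, new_src):
    # Rewrite the source address (bytes 12..15) as a hide-NAT device does
    return packet[:12] + socket.inet_aton(new_src) + packet[16:]

def set_ttl(packet, ttl):
    # A router hop changes TTL (byte 8), which AH treats as mutable
    return packet[:8] + bytes([ttl]) + packet[9:]

def survives_nat(transform):
    pkt = build(transform, "10.1.1.5", "198.51.100.1", b"constructed inner packet")
    return verify(hide_nat(pkt, "192.0.2.10"))
```

`survives_nat("ESP")` returns `True` and `survives_nat("AH")` returns `False`; a TTL change alone leaves the AH check intact because TTL is zeroed before hashing.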