Are you NATing at the client end? I've had some clients that behaved exactly the same way, set up and worked in test environment, and when put behind a remote NAT device would not work no matter what I did. Moving the remote client to another ISP made it work. Be sure your remote NAT device can pass port 500 (IPSec)and try adjusting MTU size. That sometimes helps. If all else fails and it is NAT'ed try seeing if you can get a static legal IP and map that to your VPN client. Do a search on "slipping IPSec past NAT" and you will find lots of articles that explain the problem.
Hal > -----Original Message----- > From: Mitesh Shetty/MUM/IN/STTL [mailto:[EMAIL PROTECTED] > Sent: Tuesday, April 27, 2004 2:06 AM > To: [EMAIL PROTECTED] > Subject: [FW-1] VPN Client and Win2k > > > Hello, > > We are running Checkpoint NG-AI .We have vpn client and the > client is using > Checkpoint VPN-1 SecureClient FP3 Build:53328. > We tested the client on a win2k with SP4 successfully. > The same client package when tired at ur end-user desktop > (win2k with sp2) > we were unable to connect to gateway. > In the smarttracker we see that packet from the the > vpn-client is able to > reach to gateway , the username and password is verified and then the > client is assigned a ip. > However the enduser is doesn't get this ip address.The > tracker doesn't show > anything a part from this. > we then upgraded the enduser machine to SP4 and tired to > connect however we > were unable to do so . > The same client package when installed on a different > location seems to > work. > Software installed on the end-users machine are Microsoft office,Java > Runtime ,Configsafe,Winzip,IBM Backup and Restore. I don't > think any of > these software would actually affect installion of VPN client package. > Any clues on how to go about solving the issue ? > > Thanks in advance > > Regards > Mitesh S Shetty > Technical Support (Security) > Softcell Technologies Limited. > > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
