We have a Cisco VPN client connecting to a remote vendor site.
Currently, it seems like the outbound IKE/IKE_NAT_TRAVERSAL is OK.
However, we have a stealth rule on our NAT addresses. So on the way back
in, the VPN connection is being blocked on 4500. Should we move the VPN
outbound rule before the NAT stealth? Or get rid of the NAT stealth, as I
don't think it is necessary, since everything is going to hit the
cleanup rule anyways? What's best practice? We already have a stealth
rule on our interfaces.

-- 
Thanks,
E. Recio
