We have SecureXL turned off, and flow disabled. We tested the client in
the DMZ and it seems to operate ok, but it never needs to activate UDP4500.
-E
cisco4ng wrote:
> I have a similar configuration as yours (nokia vrrp with IPSO 4.1 build 33
> and NGx R61 with
> HFA_01). The nokia is being managed by Provider-1 NGx R61 with HFA_01. But
> my is
> working perfectly. Cisco VPN client behind the firewall can connect to a
> remote Cisco
> Pix firewall without any issues. However, in my case, I have automatic
> "hide" NAT.
> In other words, I create network 10.x.x.x/x and under the nat properties, I
> specified
> the firewall for "hide" NAT. I also have flow enable (ipsofwd list with
> flowpath) and
> SecureXL enable able as well (fwaccel on). I don't think it has anything
> to do with
> flow or SecureXL because it works for me.
--
Thanks,
E. Recio
The use of anthropomorphic terminology when dealing with computing systems
is a symptom of professional immaturity.
-- Edsger Dijkstra
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
