Hi, 

Has anyone out there had any experience with setting up a VPN between a
Checkpoint NGX R65 and a Microsoft ISA Firewall?

We have configured our Checkpoint as usual but with tunnel management set as
per host.

Strange thing is we can do the key exchange, exchange hosts, and can even see
the application being tested incoming. The packets come into our firewall and
are then decrypted; they are then NATed correctly and so forth to the
destination server, so all looks fine.

I even do a tcpdump on the internal interface on our firewall and can see
packets being exchanged between the translation source IP and translated
destination server; however, the user does not get any response back.

If all looks fine and address translation is happening and we do not see any 
errors in our logs, then does anyone please know what might be the problem?

Has anyone out there had any experience with setting up a VPN between a
Checkpoint NGX R65 and a Microsoft ISA Firewall?

We have configured our Checkpoint as usual but with tunnel management set as
per host for this one device.

The user below gets the messages in his ISA Firewall log:

Log type: Firewall service
Status: A connection was closed because no SYN / ACK response is received from the server

Log type: Firewall service
Status: A connection attempt failed because the connected party did not properly respond after a certain period of time, or established connection failed because connected host has failed to respond

Is there anything I have missed? Why would the user not get a response back?

Also, if we do a tcpdump on the external interface of the firewall for the host
address connecting, not the VPN gateway address, would we see this, or is this
within the tunnel and the only thing we should see is ISAKMP? The reason I ask
is that we do see connections on the external interface on, say, port 3389;
surely this is not right.

Thanks





Scanned by Check Point Total Security Gateway.

