Hello,
I'm not sure if I follow your scenario. Are you trying to establish phase 1 using the public address of 80.1.1.1 to an internal router at 192.168.1.1? Forwarding ISAKMP and ESP to the internal host should work; are you sure you aren't listening for IKE packets on R2's external interface?
-ryan
-----Original Message-----
Subject: PAT IPSec-FW Issue
I have tried today to make PAT IPSec to a Checkpoint FW, but without
success.
R1(192.168.1.1) ----->(192.168.1.2) R2 (80.1.1.1)
ip nat inside source static tcp 192.168.1.1 500 80.1.1.1 500
ip nat inside source static udp 192.168.1.1 500 80.1.1.1 500
ip nat inside source static udp 192.168.1.1 4500 80.1.1.1 4500
ip nat inside source static esp 192.168.1.1 80.1.1.1
Has anyone ever tried to configure this, even without a Checkpoint FW -
could be ASA or any other FW vendor?
Received on Wed Jun 03 2009 - 16:00:55 ART
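Added example, not part of the original thread: a small Python check that reads static NAT lines of the form quoted in the message and reports whether IKE (UDP 500), NAT-T (UDP 4500) and ESP are all forwarded to the inside peer. The name audit_static_nat and the sample config are constructed for illustration; the addresses follow the thread's diagram.

```python
import re

# Flows a peer behind static NAT needs forwarded for IPsec:
# IKE on UDP 500, NAT-T on UDP 4500, and ESP (IP protocol 50, no ports).
REQUIRED = {("udp", 500): "IKE (UDP 500)", ("udp", 4500): "NAT-T (UDP 4500)",
            ("esp", None): "ESP"}
PREFIX = "ip nat inside source static "
PORT_RULE = re.compile(r"(\S+) (\S+) (\d+) (\S+) (\d+)$")
ESP_RULE = re.compile(r"esp (\S+) (\S+)$")

def audit_static_nat(config, inside, outside):
    """Return (missing, warnings) for IPsec forwarding from outside to inside."""
    seen, warnings = set(), []
    for raw in config.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if not line.startswith(PREFIX):
            continue
        rest = line[len(PREFIX):]
        esp, port = ESP_RULE.match(rest), PORT_RULE.match(rest)
        if esp:
            proto, local, lport, glob, gport = "esp", esp[1], None, esp[2], None
        elif port:
            proto, local, glob = port[1].lower(), port[2], port[4]
            lport, gport = int(port[3]), int(port[5])
        else:
            warnings.append(f"unparsed rule: {line}")
            continue
        if proto not in ("tcp", "udp", "esp"):
            warnings.append(f"unknown protocol keyword '{proto}': {line}")
        elif (local, glob) != (inside, outside):
            warnings.append(f"rule is for other addresses: {line}")
        elif lport != gport:
            warnings.append(f"port is rewritten {gport}->{lport}: {line}")
        elif proto == "tcp" and gport == 500:
            warnings.append(f"IKE uses UDP 500, TCP forward not needed: {line}")
        else:
            seen.add((proto, gport))
    return [n for k, n in REQUIRED.items() if k not in seen], warnings

# Constructed sample: the third line carries a misspelled protocol keyword
# to show how a rule that never took effect is reported.
SAMPLE = """\
ip nat inside source static tcp 192.168.1.1 500 80.1.1.1 500
ip nat inside source static udp 192.168.1.1 500 80.1.1.1 500
ip nat inside source static ucp 192.168.1.1 4500 80.1.1.1 4500
ip nat inside source static esp 192.168.1.1 80.1.1.1
"""
if __name__ == "__main__":
    print(audit_static_nat(SAMPLE, "192.168.1.1", "80.1.1.1"))
```

A non-empty missing list means the remote gateway can start phase 1 but the tunnel will stall at the step that needs the absent flow.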