Fwd: PAT IPSec-FW Issue

From: אשד אלוני <eshedalonie_at_gmail.com>
Date: Thu, 4 Jun 2009 10:23:47 +0300

---------- Forwarded message ----------
From: אשד אלוני <eshedalonie_at_gmail.com>
Date: Thu, Jun 4, 2009 at 10:22 AM
Subject: Re: PAT IPSec-FW Issue
To: Ryan West <rwest_at_zyedge.com>

I am trying to open an IPSec tunnel to an internal FW by using PAT commands.
The router is connected to the service provider line. I have a fixed Internet
IP on the router.
Phase 1 + Phase 2.

2009/6/3 Ryan West <rwest_at_zyedge.com>

> Hello,
>
> I'm not sure if I follow your scenario, are you trying to establish phase 1
> using the public address of 80.1.1.1 to an internal router at 192.168.1.1?
> Forwarding ISAKMP and ESP to the internal host should work, are you sure
> you aren't listening for IKE packets on R2's external interface?
>
> -ryan
>
> -----Original Message-----
> Subject: PAT IPSec-FW Issue
>
> I have tried today to make PAT IPSec to a Checkpoint FW, but without
> success.
>
> R1(192.168.1.1) ----->(192.168.1.2) R2 (80.1.1.1)
>
> ip nat inside source static tcp 192.168.1.1 500 80.1.1.1 500
> ip nat inside source static udp 192.168.1.1 500 80.1.1.1 500
> ip nat inside source static udp 192.168.1.1 4500 80.1.1.1 4500
> ip nat inside source static esp 192.168.1.1 80.1.1.1
>
> Has anyone ever tried to configure this, even without a Checkpoint FW -
> it could be ASA or any other FW vendor?

Received on Thu Jun 04 2009 - 10:23:47 ART
