My mistake in the topology:
FW(192.168.1.1)----->(192.168.1.2)Router(80.1.1.1)
2009/6/3 Ryan West <rwest_at_zyedge.com>
> Hello,
>
> I'm not sure if I follow your scenario, are you trying to establish phase 1
> using the public address of 80.1.1.1 to an internal router at 192.168.1.1?
> Forwarding ISAKMP and ESP to the internal host should work, are you sure
> you aren't listening for IKE packets on R2 external interface?
>
> -ryan
>
> -----Original Message-----
> Subject: PAT IPSec-FW Issue
>
> I have tried today to make PAT IPSec to a checkpoint FW, but without
> success.
>
> R1(192.168.1.1) ----->(192.168.1.2) R2 (80.1.1.1)
>
> ip nat inside source static tcp 192.168.1.1 500 80.1.1.1 500
> ip nat inside source static udp 192.168.1.1 500 80.1.1.1 500
> ip nat inside source static udp 192.168.1.1 4500 80.1.1.1 4500
> ip nat inside source static esp 192.168.1.1 80.1.1.1
>
> Has anyone ever tried to configure this, even without a Checkpoint FW -
> could be ASA or any other FW vendor?
Received on Thu Jun 04 2009 - 10:27:16 ART
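
An added example, not part of the original thread: a small Python check over static NAT lines of the form quoted above, reporting whether IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP protocol 50) are all forwarded to the inside host. The function name `audit` and the sample config (constructed, with one mistyped protocol keyword) are assumptions, as is the premise that only per-protocol static rules are in use.

```python
import re

# What an IPsec peer behind static NAT must receive from outside:
# IKE on UDP 500, NAT-T on UDP 4500, and ESP (IP protocol 50, no ports).
REQUIRED = {("udp", 500): "IKE/ISAKMP", ("udp", 4500): "IPsec NAT-T", ("esp", None): "ESP"}

# Matches only the rule shape shown in the thread (assumption).
RULE = re.compile(
    r"^ip nat inside source static (?P<proto>\S+) (?P<local>\d+\.\d+\.\d+\.\d+)"
    r"(?: (?P<lport>\d+))? (?P<glob>\d+\.\d+\.\d+\.\d+)(?: (?P<gport>\d+))?$"
)

# Constructed sample; the third line carries a mistyped protocol keyword.
SAMPLE = """
ip nat inside source static tcp 192.168.1.1 500 80.1.1.1 500
ip nat inside source static udp 192.168.1.1 500 80.1.1.1 500
ip nat inside source static ucp 192.168.1.1 4500 80.1.1.1 4500
ip nat inside source static esp 192.168.1.1 80.1.1.1
"""

def audit(config, inside_host):
    """Return (missing, findings) for static NAT rules pointing at inside_host."""
    seen, findings = set(), []
    for line in config.splitlines():
        line = line.strip()
        if not line.startswith("ip nat inside source static"):
            continue
        m = RULE.match(line)
        if not m:
            findings.append(f"unparsed rule: {line}")
            continue
        if m["local"] != inside_host:
            continue
        proto = m["proto"]
        if proto not in ("tcp", "udp", "esp"):
            findings.append(f"unknown protocol keyword '{proto}': {line}")
            continue
        key = (proto, int(m["lport"]) if m["lport"] else None)
        if key in REQUIRED:
            seen.add(key)
        else:
            findings.append(f"not IKE, NAT-T or ESP: {line}")
    missing = sorted(name for key, name in REQUIRED.items() if key not in seen)
    return missing, findings

if __name__ == "__main__":
    missing, findings = audit(SAMPLE, "192.168.1.1")
    print("missing:", missing)
    print("\n".join(findings))
```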