NAT and Checkpoint SecureRemote

NAT and Checkpoint SecureRemote

Post by Dani » Fri, 20 Dec 2002 14:25:28



Hi all,
I have been struggling for a while now to have the following setup
work (Mandrake8.1 server). i am  using NAT (iptables and masq).

internet<-->etho(216.13.111.11)<-->eth1(192.168.1.253)<-->clients(192.168.1.x)

I can get a VPN handshake from a client behing the firewall to a
Checkpoint VPN server on the internet. I can also ping the private ip
at the end of the vpn tunnel (100.100.100.x).

But when I try to run pcanywhere through it it keeps waiting on a
connection. I can also run PCanywhere (without using the VPN) from
clients behind the firewall just fine (to any pcanywhere host on the
internet).

After googling I see a lot of problems with checkpoint vpn and linux
NAT. I have read somewhere that checkpoint needs/demands a valid ip.
anyway to cut it chase DOES ANYBODY have this working and if so HOW?
I'm pretty sure routing and masq is working fine.

Please can somebody give me some help/tips/hints! Thanks

 
 
 

1. Checkpoint secureremote with IPMasq

I'm trying to get a VPN to work with Checkpoint's SecureRemote client.
My ISP uses NAT - presenting a fixed routable address to the Internet
and passing the traffic back to me on a fixed private address over
DSL.  I also have a second dynamic address also on NAT.  At the Linux
box I use IPMasq to pass traffic back to a couple of Windows PCs and
IPChains to hold back the masses.  

When I hook up a laptop to the DSL bridge I can connect over the VPN
using the fixed address or dhcp.  When I try to go through the Linux
box it doesn't work.  I opened the firewall to the appropriate UDP
traffic from work - I even opened the firewall to all traffic from
work.  Still no dice.  I am not aware of any need for portforwarding
any return connections from teh VPN server or anything like that - but
I may have missed something there.  Does anyone have any suggestions?

2. xdm and shadow-mk

3. Using Checkpoint's SecureRemote through IPCHAINS firewall (VPN)

4. POSIX shell script style guide

5. Client Linux for CheckPoint /SecureRemote

6. Linux on NEW Intel Dual PII/333 mother board

7. Nokia IP400 Firewall and Checkpoint (The Fastest Checkpoint Firewall Box)

8. Spontaneous reboot while booting && CONFIG_MOUSE

9. Matrox Mystique ands X.

10. DHCP+SecureRemote+Firewall+DSL Problem

11. Nat to Nat?

12. NAT-T (NAT Traversal) support for Linux

13. Specific nat problem - GURUS HELP (bug in pf/nat?)