DSL user via Checkpoint FW1 not allowed...help!!

[Techlite]

Hi Gurus,

We have Checkpoint Firewall 1 ver 4.0 running in our office. Dial-in VPN users via 56K modems are able to connect into our network through the Cisco AS5200 - painfully slow though!. DSL users get authenticated by the firewall but cannot connect into the network. Would you guys know why this is happening to the DSL users or how I could solve this problem ? Is it that this FW1 does not support NAT ?

If I replace the firewall with Cisco PIX 525 will it solve this DSL user connection problem ?

Please advise.

Many thanks,
Matts - USA

 

[MartinTre]

Hi Matts,

We had a similar problem with DSL. It was possible to download files from the internal network to the VPN-client. But when I tried to copy the file back from the client to the internal server it fails.
Then I reduced the MTU-Size on the client PC and after that I could copy files in both directions. (It also worked to reduce the MTU-Size on the Server but then you have to edit all of your internal systems you want to connect)
I think there must be a better solution to solve this problem but this is the only way I found. If you have a better idea please let me know.
And I’m sure it has nothing to do with NAT

Martin

 

[richgill]

Are you using SecureRemote? Is there NAT going on at the client side? (eg the DSL client has a router that performs NAT). If so, you may have problems. You must be running FW-1 v4 and SecureRemote v4 (and above) and even then there are restrictions. See

http://www.phoneboy.com/faq/0141.html

Good Luck!! fwiw...I used MS Windows 2000 RRAS & pptp instead!