help on http traffic thru vpn tunnel

[jim3725]

ipsec tunnel using nortel contivities.
2 sites, one remote , one HeadQuarters
Traffic routes thru ipsec tunnel successfully and a Checkpoint Firewall will pass traffic out the internet router. The remote site can ping FW and viceversa.
ONly when I set a proxy setting of Checkpoint FW interface on the remote pc can I pass http traffic thru checkpoint fw
Any ideas would be appreciated

 

[John Lewis]

Not real sure that I understand your situation, but I'll take a stab at it.

First time I read your post, I got the impression that you are wanting to allow the client to access the internet without passing the internet traffic throught the VPN. In that case . . . The Nortel client software has an option to force all network traffic through the VPN. Sorry I can't point you to the exact setting. I don't have the software in front of me, try to avoid it when possible. Look for a setting along the line of 'use default gateway on remote network'. This is further complicated by the fact that an administrator of a Nortel VPN gateway can build a custom version of the client that has some features disabled or strictly enforced, so the option may not be there at all.

You will also need to enable the 'use default gateway on remote network' on the client's intenet connection, whatever that may be. This has the effect of setting a default route to the internet, so you may need to manually add a static route to the LAN on the host side of the VPN in order to access the resources there.

Another reading of your post gives me the impression that you are unable to access resouces on the LAN on the host side of the VPN. This agian relates to routing, but in this case you are only missing the route to the host network on the client machine.

Hope some of this makes some sense. If not, or if I have missed your problem, post back with a better description of your situation.