We have a client who needs to establish a IPSEC VPN back to a CheckPoint firewall. The people who control the Checkpoint don't want to establish a traditional VPN. They are requiring a VPN, but all of the traffic going across the VPN tunnel is NAT'd; all of the traffic sent to them is seen coming from the external IP address of the PIX and not from the Internal network behind the PIX. When the client is accessing a web based application "behind" the Checkpoint, they are told to use a public IP address.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
PIX 6.3(4) to Checkpoint VPN
- Thread starter microdude
- Start date
Ok, this is not a problem. When I have done this in the past, I set up a static mapping for the particular public IP that they needed. It was marked as interesting traffic. The only difference from the "traditional" vpn is that I didn't use the "at (inside) 0" command.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
