ruswahyudi
Technical User
We have some CheckPoint Securemote clients residing behind our corporate CISCO PIX firewall. Those clients need to connect to their headquarters using the CheckPoint Securemote client.
According to the Securemote documentation, we need to make a "hole" in our CISCO PIX firewall as follows:
Allow outbound traffic to the Internet for the following protocols:
+ AH : IP type 51
+ ESP : IP type 50
+ IKE : UDP 500
+ VPN1_IPSEC_encapsulation : UDP 2746
The first two are IP types instead of TCP/UDP protocols.
Usually, we just make an access-list and allow the tcp/udp port which eq xxx to go to the Internet.
But I have no idea how to open IP types 51 & 50 in the CISCO PIX firewall. What configuration needs to be set up in the CISCO PIX to allow such traffic?
Regards,
Ruswahyudi