Re: HELP! - Check Point Firewall and Nortel VPN client = Banner Text Hanging
From: <me@the.computer>
Date: Tue Nov 29 2005 - 10:59:30 CET

Thanks for your help, Triffid. The Nortel box is out of our control,
so I'll have to find out what they've got set up.

It's one of those things that is so close to finding the answer...

JL

On Sat, 26 Nov 2005 18:52:37 -0500, Triffid <triffid@nebula.net>
wrote:

>
>
>me@the.computer wrote:
>> Hello,
>>
>> I was hoping someone might be able to provide any help with this?
>>
>> We recently upgraded our crappy little firewall (3com) to a
>> Nokia/Check Point firewall (NG with AI). Before the upgrade, we had
>> some PCs that had a VPN connection off-site using the Nortel VPN client
>> connecting to a Nortel VPN box.
>>
>> After the upgrade, this has failed to work, and always hangs at
>> 'Retrieving Banner Text.' I have done loads of searching on the net,
>> and so far have tried just about everything I could find on the
>> subject. I have been speaking to a person who knows Check Point, and
>> he mentioned something about NAT Traversal over TCP that would fix the
>> problem, but I'm not sure where to configure this in the Dashboard?
>
>I use UDP encapsulated IPSEC for NAT traversal. You configure that on
>the Nortel. I also have the Nortel outside the Checkpoint so the
>firewall can inspect the traffic after it comes out of the tunnel.
>
>I suspect the hang at 'Retrieving Banner Text' is a red herring, since
>that uses UDP 10001 - which you already have open.
>
>> I have these protocols enabled:
>>
>> ESP (50)
>> IKE (500)
>> IKE_TCP (500)
>> AH (51)
>> Port 10000 (UDP & TCP)
>> Port 10001 (UDP)
>> Port 17 (UDP & TCP)
>> Port 2746 (UDP)
>>
>> The VPN clients WILL connect, however, if I assign the PC its own
>> external IP address.
>
>Sounds like a routing problem, doesn't it.
>
>Triffid
>
>> As we do not have unlimited external IP's, that
>> really is not an option.
>>
>> Any help, tips or pointers would be very much appreciated!
>>
>>
>> JL
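As an added illustration, not part of the thread, of Triffid's point that UDP-encapsulated IPsec is what makes several clients behind one translated address workable, and of why the clients connected once each PC had its own external IP: a toy Python model of a port-address translator. It assumes RFC 3948 encapsulation on UDP/4500; the Nortel-specific ports listed above are not modelled, and the host names and SPI values are constructed.

```python
"""Constructed simulation (added here, not from the thread). A port-address
translator keys return traffic on the public port it assigned. Plain ESP (IP
protocol 50) has no ports and its SPI is chosen by the remote gateway; UDP-
encapsulated ESP (RFC 3948, UDP/4500 by default) is an ordinary UDP flow."""
import struct

ESP, UDP = 50, 17
NAT_T_PORT = 4500   # RFC 3948 default; vendor implementations may differ
FIRST_PORT = 40000  # first public source port this translator hands out

class PatTable:
    """Minimal PAT: outbound creates a mapping, inbound looks one up."""

    def __init__(self):
        self.next_port = FIRST_PORT
        self.inside = {}   # (proto, public_port) -> inside host(s)

    def outbound(self, host, proto):
        """Record an outbound flow; return the public source port used."""
        if proto == UDP:
            port, self.next_port = self.next_port, self.next_port + 1
            self.inside[(UDP, port)] = host
            return port
        if proto != ESP:
            raise ValueError("unsupported protocol")
        # ESP: the SPI (first 32 bits, RFC 4303) belongs to the remote SA and
        # cannot be rewritten, so every ESP host lands in one shared entry.
        self.inside.setdefault((ESP, None), []).append(host)
        return None

    def inbound(self, proto, payload):
        """Inside hosts a reply could be delivered to (one means unambiguous)."""
        if proto == UDP:
            _sport, dport = struct.unpack("!HH", payload[:4])
            host = self.inside.get((UDP, dport))
            return {host} if host else set()
        # The gateway's SPI never appeared in any outbound mapping, so every
        # host with an ESP tunnel to that gateway is a candidate.
        return set(self.inside.get((ESP, None), []))

def candidates(encapsulated, hosts=("pc-a", "pc-b")):
    """How many inside hosts one inbound reply packet could be delivered to."""
    pat = PatTable()
    for h in hosts:
        pat.outbound(h, UDP if encapsulated else ESP)
    if encapsulated:   # gateway replies to the first port the translator assigned
        reply = struct.pack("!HH", NAT_T_PORT, FIRST_PORT)
    else:              # gateway's own inbound SPI (constructed), no port field
        reply = struct.pack("!I", 0x2000)
    return len(pat.inbound(UDP if encapsulated else ESP, reply))
```

With two PCs behind the same address, `candidates(False)` returns 2 (the translator cannot tell whose ESP reply it is) while `candidates(True)` returns 1; a single PC, like one with its own external IP, is unambiguous either way.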
Received on Sat Dec 3 04:18:42 2005