SecuRemote VPN connection [Archive] - SpeedGuide.net Broadband Community


SuderMan
11-28-05, 10:22 AM
Hello all!

It's my first post, so I'm not sure this is a good place to put a post like this.

I was trying to set up a VPN connection with my Checkpoint NG R55 using the SecuRemote client.

All of the Checkpoint's interfaces have private addresses, so to connect from outside,
NAT is performed on a Cisco router which serves as the gateway to the internet, and one of its interfaces is public.
The router is a Cisco 832 SOHO router.

Here's what it looks like:
I connect to the public interface of the router with the SecuRemote client.
The client connects to the firewall, then I get a window asking for username and password, but when the client is exchanging keys with the firewall nothing happens and I get an error that communication failed.

On the Checkpoint's side all is OK. I've set up a Remote Access community, group, users, rules, ...
When I connect from the internal network everything is fine,
so I suppose the problem is on the Cisco router, especially the NAT configuration.

Should I forward some ports to external clients?
If yes, which ones?

I've tried forwarding udp-500 (IKE), tcp-264 (fw1_topo) ...
but it didn't help.

Any ideas and suggestions appreciated.

Thank you

koldchillah
12-01-05, 02:04 PM
Welcome to Speedguide!

It's been a while since I worked on Checkpoint, but when I used SecuRemote I didn't have NAT performed by the Cisco (I used a 1720 series router) but rather by the Checkpoint firewall directly (I ran Checkpoint on the Sun V60x series servers). The gateway for the LAN was the Checkpoint boxes, and all rules, NAT etc. were configured from within Checkpoint, not the Cisco. The Cisco was only there to facilitate connectivity between our public IP block and the real firewall, not to act as a NAT device/firewall on its own. Did your internet provider set up and configure your router or did you do it on your own?

SuderMan
12-02-05, 03:38 AM
Hello

I have configured the Cisco router by myself,

but now I'm almost sure that it's NAT on the Cisco that breaks the IPsec tunnel. I think the solution is to make one of the Checkpoint's interfaces public and enable NAT there as well.

Thanks for your answer.