Hi,
Setting up a remote VPN solution using a 7210 controller (working to Clearpass).
For security reasons, I have placed the controller behind a firewall. Traffic hits the public IP, and the Checkpoint NATs this to an internal address which the controller has.
The Checkpoint firewall is set to allow UDP & TCP 500/4500, so that should be all the IKE ports.
I can see traffic coming through, but when the controller starts to negotiate the traffic through UDP 4500, it fails and does not progress to this stage. It negotiates UDP 500; the next part of this VPN should then be UDP 4500, but the controller never sees that phase.
I checked the firewall's logs and can see UDP 4500 being sent, but the controller doesn't get that far when I check the controller's logs.
Does anyone know if there's something different you need to do when the controller is behind a firewall with NAT? Is this Checkpoint being funny? (I enabled any port on the rule to see, and it still has the same behaviour.)
Do I have to do something to the controller's internal firewall by default?
Thanks
#7210