Ø CheckPoint VPN
§ Update firmware to latest version, reset to defaults.
§ Try forwarding ports 256, 564, and 500, in the Virtual Server
screen of the Barricade.
§ There also may be a "Use Through NAT Transparency Mode",
"Use through Firewall", or similar setting in the client software; if
so, select it.
§ Open port 500 in the "Virtual Server" screen of the Barricade
section and try again.
§ Set your computer up as the DMZ host under the "Misc Item"
section in the Barricade.
§ Try hard setting the MTU level to 576 and try again. This can
be done ether in the client software, the registry, or by a third party
program.
§ If you have tried all suggestions above and you are still unable to
use your VPN through the Barricade, then you will need to refer to
the VPN software developer for additional assistance.
Ø SecureRemote VPN
§ This application commonly uses IP Security so you will need to
open port 500 as stated before.
§ UDP Encapsulation Mode enables IKE/IPSec Secure Remote
users to traverse Network Address Translation devices, firewalls and
other devices that fail to handle IPSec packets. It also enables more
than one Secure Remote user to work with IPSec behind a port-
mapping NAT device, also known as dynamic NAT, (e.g., FireWall-
1 Hide NAT mode) with the same VPN-1/SecuRemote/SecureClient
gateway.
§ This is achieved by encapsulating IPSec packets inside UDP
datagrams. This option is negotiated in IKE. VPN-1/SecuRemote/
SecureClient supports this feature only in IPSec ESP mode (AH is
not supported).