This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ArathCG
Participant
‎2022-03-07 12:59 PM

NAT-T and VPN issues with a CISCO Firepower

How's it going?


I have a question that I would like to clarify.
I have a 6600 appliance which cannot establish a VPN with a CISCO Firepower, I have global NAT-T enabled in the appliance properties. On the CISCO side they use UDP encapsulation, but on the Check Point side the tunnel is established through IPSec and not NAT-T. So the behavior seems strange to me.
I changed offer_nat_t_initator parameter to true in order so if the peer wants to switch to using NAT-T port 4500 during the negotiation, we will offer it.

But this didn't work.

Can NAT-T be forced over a specific tunnel?

Labels
0 Kudos
2 Replies
Magnus-Holmberg
Advisor
‎2022-03-07 01:15 PM

Had alot of issues with NAT-T and most have been resolved by changing to ike version2.

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
ArathCG
Participant
‎2022-03-07 02:06 PM
In response to Magnus-Holmberg

Hi Magnus.
Thanks for the comment. I forgot to mention that I am working on IKEv2.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events