Checkpoint to Cisco - Hardware VPN works, software doesn't

["Northrup, Tyler" <tnorthru () usd edu>]

I have a Checkpoint NG FP3 at one site and a Cisco 3030 concentrator at the
other.  There is a hardware-based ipsec tunnel between the checkpoint and
concentrator with network lists allowing 5 systems to communicate between
the networks (see below).  This tunnel works fine.

Server1 - |
Server2 - - - CHECKPOINT <> CONCENTRATOR - - - Server1
Server3 - |             |                              | - Server2
                        |
                        |
                        |
                software vpn

However, since configuring this tunnel, I have not been able to initiate
software vpn connections from behind the checkpoint to the concentrator
(worked previously).   These connections originate on separate network off
the checkpoint to the cisco concentrator.  It worked fine prior to
implementation of the IPSEC tunnel.  I know the traffic gets to the
checkpoint, but it either does not leave, or it leaves via the tunnel (which
it should not as these systems are not part of the network lists / rules)
and gets dropped.

I adminster the concentrator, but do not directly support the Checkpoint.
Any direction would be appreciated as I am working with the other
administrator to solve the issue.

Thanks,

Tyler Northrup
IT Security Officer
The University of South Dakota
605-677-5019 
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards