Firewall Wizards mailing list archives
Gauntlet VPN and /or PGPnet problem
From: Evgueni Martynov <Evguenim () asciitech com>
Date: Mon, 16 Aug 1999 12:58:10 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello, everybody;

We are having some trouble setting up the VPN using the Gauntlet VPN server and the PGPnet client. We have the following problem with establishing the VPN channel.

We have two networks in our lab.
192.168.3.0 - inside network
192.168.4.0 - outside network

Firewall Gauntlet GVPN v5.0 NT (192.168.4.25)
Client: PGP Desktop Security v6.5 RSA - PGPnet VPN (192.168.4.75)
ftp and telnet server - 192.168.3.10

The firewall and the PGPnet client have certificates issued by a Certificate Authority (Net Tools PKI server). I set up a "private link" for the VPN and try to connect (telnet or ftp) from the outside computer with the PGPnet VPN client to the inside, but I can't connect :-(

What's wrong?

These are several strings from the log file:

<13> 1999-08-16 09:32:58 gauntlet: IPSEC non-encrypted output packet discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0, dst=0.0.0.0
<13> 1999-08-16 09:33:07 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:08 GauntletIKE: Validating Peer's Certificate...
<13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:11 telnet: permit host=nodnsquery/192.168.4.75 destination=192.168.3.10 port=23
<13> 1999-08-16 09:33:11 gauntlet: IPSEC non-encrypted output packet discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0, dst=0.0.0.0

after some time ...

<13> 1999-08-16 09:33:34 gauntlet: IPSEC non-encrypted output packet discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0, dst=0.0.0.0
<13> 1999-08-16 09:34:00 telnet: connected host=nodnsquery/192.168.4.75 destination=192.168.3.10 port=23
<13> 1999-08-16 09:43:54 telnet: exit host=nodnsquery/192.168.4.75 dest=192.168.3.10 in=0 out=0 user=unauth duration=643

- --------------------

ftp session with "private link":

<13> 1999-08-12 09:15:54 ftp: permit host=nodnsquery/192.168.4.75 connect to 192.168.3.99
<13> 1999-08-12 09:16:44 ftp: [tid=151] CONN_SERVER - failed - dest=192.168.3.99 port=0x15!!
<13> 1999-08-12 09:19:32 ftp: [tid=151] CONN_SERVER - failed - dest=192.168.3.99 port=0x15!!
<13> 1999-08-12 09:19:32 ftp: exit host=nodnsquery/192.168.4.75 cmds=1 in=0 out=0 user=unauth duration=218 [tid=151] DO_REQ

on the client:

C:\>ftp 192.168.3.99
Connected to 192.168.3.99.
521 192.168.3.99: connect: 10060
User (192.168.3.99:(none)):
220 lab1 FTP proxy (Version 5.0) ready.
ftp> ls
521 192.168.3.99: connect: 10060
Connection closed by remote host.
ftp>

- ---------------------

When I use a "trusted link" in GVPN, I can telnet/ftp from the outside computer to the inside network, but I can't connect from inside computers to the outside! The only allowed connection is between an inside computer (behind the firewall) and the computer with PGPnet VPN (which has a certificate issued by the CA).

Has anybody had such a problem with Gauntlet GVPN v5.0 and PGPnet?

Any comments would be greatly appreciated.

Thank you.

Evgueni.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5
Comment: Ascii Technology Inc. www.asciitech.com 1-800-787-2344

iQA/AwUBN7hC4lGk0lqk8yU3EQL/UgCfZ6jW5K8pN2DJNFct3extLYGQyz0AoJRV
ZIvlBVlKTf5njXTjqqp2TD7J
=7K8u
-----END PGP SIGNATURE-----
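One way to triage a log excerpt like the one in the message above, as an added example that is not part of the original post or of any Gauntlet tooling: it counts IKE (UDP 500) packets and IPsec discards, then lists proxy sessions that ended with in=0 out=0 along with the discards logged while each session was open. The line layout and key=value fields are assumed from the quoted lines only, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the log excerpt quoted in the message.
SAMPLE = """\
<13> 1999-08-16 09:32:58 gauntlet: IPSEC non-encrypted output packet discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0, dst=0.0.0.0
<13> 1999-08-16 09:33:07 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:08 GauntletIKE: Validating Peer's Certificate...
<13> 1999-08-16 09:33:11 telnet: permit host=nodnsquery/192.168.4.75 destination=192.168.3.10 port=23
<13> 1999-08-16 09:33:11 gauntlet: IPSEC non-encrypted output packet discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0, dst=0.0.0.0
<13> 1999-08-16 09:33:34 gauntlet: IPSEC non-encrypted output packet discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0, dst=0.0.0.0
<13> 1999-08-16 09:34:00 telnet: connected host=nodnsquery/192.168.4.75 destination=192.168.3.10 port=23
<13> 1999-08-16 09:43:54 telnet: exit host=nodnsquery/192.168.4.75 dest=192.168.3.10 in=0 out=0 user=unauth duration=643
"""

# Assumed layout: "<pri> YYYY-MM-DD HH:MM:SS program: message"
LINE = re.compile(r"^<(\d+)> (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ([^:\s]+): (.*)$")
KV = re.compile(r"(\w+)=([^\s,]+)")

def parse(text):
    """Yield (timestamp, program, message, fields) for each well-formed line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(3), m.group(4), dict(KV.findall(m.group(4)))

def triage(text):
    """Count IKE packets and IPsec discards; list proxy sessions that moved no data."""
    events = list(parse(text))
    ike = [e for e in events
           if e[3].get("srcport") == "500" and e[3].get("dstport") == "500"]
    drops = [e for e in events if "non-encrypted output packet discarded" in e[2]]
    empty = []
    for ts, prog, msg, f in events:
        if msg.startswith("exit ") and f.get("in") == "0" and f.get("out") == "0":
            # The exit record carries the session length, so the start is derivable.
            start = ts - timedelta(seconds=int(f.get("duration", 0)))
            n = sum(1 for d in drops if start <= d[0] <= ts)
            empty.append({"proxy": prog, "client": f["host"].split("/")[-1],
                          "dest": f.get("dest"), "drops_in_session": n})
    return {"ike_packets": len(ike), "ipsec_drops": len(drops), "empty_sessions": empty}

if __name__ == "__main__":
    print(triage(SAMPLE))
```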