Firewall Wizards mailing list archives

Gauntlet VPN and /or PGPnet problem


From: Evgueni Martynov <Evguenim () asciitech com>
Date: Mon, 16 Aug 1999 12:58:10 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello, everybody;

We are having some trouble setting up the VPN using the Gauntlet VPN
server and the PGPnet client.

We have the following problem with establishing the VPN channel.
We have two networks in our lab.
192.168.3.0  - inside network
192.168.4.0  - outside network
Firewall Gauntlet GVPN v5.0 NT (192.168.4.25)
Client: PGP Desktop Security v6.5 RSA  - PGPnet VPN (192.168.4.75)
ftp and telnet server - 192.168.3.10
Firewall and PGPnet client have certificates issued by Certificate
Authority (Net Tools PKI server).

I set up a "private link" for the VPN and try to connect (telnet or ftp)
from the outside computer with the PGPnet VPN client to the inside,
but I can't connect :-(
What's wrong?

These are several lines from the log file:

<13> 1999-08-16 09:32:58 gauntlet: IPSEC non-encrypted output packet
discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0,
dst=0.0.0.0
<13> 1999-08-16 09:33:07 gauntlet: informational: UDP packet allowed
by packet screening rule if=192.168.4.25 src=192.168.4.75,
dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed
by packet screening rule if=192.168.4.25 src=192.168.4.75,
dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:08 GauntletIKE: Validating Peer's Certificate...
<13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed
by packet screening rule if=192.168.4.25 src=192.168.4.75,
dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed
by packet screening rule if=192.168.4.25 src=192.168.4.75,
dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed
by packet screening rule if=192.168.4.25 src=192.168.4.75,
dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:11 telnet: permit host=nodnsquery/192.168.4.75
destination=192.168.3.10 port=23
<13> 1999-08-16 09:33:11 gauntlet: IPSEC non-encrypted output packet
discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0,
dst=0.0.0.0

after some time ...

<13> 1999-08-16 09:33:34 gauntlet: IPSEC non-encrypted output packet
discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0,
dst=0.0.0.0

<13> 1999-08-16 09:34:00 telnet: connected
host=nodnsquery/192.168.4.75 destination=192.168.3.10 port=23

<13> 1999-08-16 09:43:54 telnet: exit host=nodnsquery/192.168.4.75
dest=192.168.3.10 in=0 out=0 user=unauth duration=643
- --------------------
ftp session with "private link" :

<13> 1999-08-12 09:15:54 ftp: permit host=nodnsquery/192.168.4.75
connect to 192.168.3.99
<13> 1999-08-12 09:16:44 ftp: [tid=151] CONN_SERVER - failed -
dest=192.168.3.99 port=0x15!!

<13> 1999-08-12 09:19:32 ftp: [tid=151] CONN_SERVER - failed -
dest=192.168.3.99 port=0x15!!
<13> 1999-08-12 09:19:32 ftp: exit host=nodnsquery/192.168.4.75 cmds=1
in=0 out=0 user=unauth duration=218 [tid=151] DO_REQ

on the client:

C:\>ftp 192.168.3.99
Connected to 192.168.3.99.
521 192.168.3.99: connect: 10060
User (192.168.3.99:(none)):
220 lab1 FTP proxy (Version 5.0) ready.
ftp> ls
521 192.168.3.99: connect: 10060
Connection closed by remote host.
ftp>

- ---------------------

When I use a "trusted link" in GVPN, I can telnet/ftp from the outside
computer to the inside network, but I can't connect from inside computers
to the outside!  The only allowed connection is
between an inside computer (behind the firewall) and the computer with the
PGPnet VPN (which has a certificate issued by the CA).


Has anybody had such a problem with Gauntlet GVPN v5.0 and PGPnet?
Any comments would be greatly appreciated.

Thank you.
Evgueni.
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5
Comment: Ascii Technology Inc. www.asciitech.com 1-800-787-2344

iQA/AwUBN7hC4lGk0lqk8yU3EQL/UgCfZ6jW5K8pN2DJNFct3extLYGQyz0AoJRV
ZIvlBVlKTf5njXTjqqp2TD7J
=7K8u
-----END PGP SIGNATURE-----
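A triage script for the log excerpt in the post above, added here as an example; it is not code from the original message or from the Gauntlet product. It parses the posted syslog-style lines (re-joined onto single lines and embedded below as sample input) and groups them into the things a VPN troubleshooter looks at first: IKE traffic on UDP/500 between the peers, the "IPSEC non-encrypted output packet discarded" events with their link and selector fields, and the telnet/ftp proxy outcomes. It also maps the Winsock code in the client's "521 192.168.3.99: connect: 10060" reply to its name. The field names and the summary layout are the script's own; decoding the if=1903a8c0 value as a little-endian hex IPv4 address (192.168.3.25) is an assumption about Gauntlet's log format, not something the post states.

```python
import re
from collections import Counter

# Log lines taken from the post, re-joined onto single lines so that the
# parser sees one record per line (the list archive wrapped them).
SAMPLE_LOG = """\
<13> 1999-08-16 09:32:58 gauntlet: IPSEC non-encrypted output packet discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0, dst=0.0.0.0
<13> 1999-08-16 09:33:07 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:08 GauntletIKE: Validating Peer's Certificate...
<13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
<13> 1999-08-16 09:33:11 telnet: permit host=nodnsquery/192.168.4.75 destination=192.168.3.10 port=23
<13> 1999-08-16 09:33:11 gauntlet: IPSEC non-encrypted output packet discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0, dst=0.0.0.0
<13> 1999-08-16 09:34:00 telnet: connected host=nodnsquery/192.168.4.75 destination=192.168.3.10 port=23
<13> 1999-08-12 09:15:54 ftp: permit host=nodnsquery/192.168.4.75 connect to 192.168.3.99
<13> 1999-08-12 09:16:44 ftp: [tid=151] CONN_SERVER - failed - dest=192.168.3.99 port=0x15!!
"""

# "<pri> date time program: message"
LINE_RE = re.compile(r"^<(?P<pri>\d+)>\s+(?P<date>\d{4}-\d{2}-\d{2})\s+"
                     r"(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<prog>[A-Za-z]+):\s*(?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=([^\s,!\]]+)")        # key=value pairs, trailing ",", "!" or "]" dropped
LINK_RE = re.compile(r"link:\s*(.+?)\s+if=")      # "link: VPN Link 1 if=..." -> "VPN Link 1"

# Winsock error codes (the proxy runs on NT); only codes known with certainty.
WINSOCK_ERRORS = {10051: "WSAENETUNREACH (network unreachable)",
                  10060: "WSAETIMEDOUT (connection timed out)",
                  10061: "WSAECONNREFUSED (connection refused)",
                  10065: "WSAEHOSTUNREACH (host unreachable)"}


def parse_line(line):
    """Split one syslog-style line into header fields plus its key=value pairs."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["fields"] = dict(KV_RE.findall(rec["msg"]))
    return rec


def decode_le_hex_ip(hexstr):
    """Assumption: the if= value is an in_addr dumped as a little-endian hex word,
    so 1903a8c0 is the bytes c0 a8 03 19 -> 192.168.3.25."""
    raw = bytes.fromhex(hexstr.rjust(8, "0"))
    return ".".join(str(b) for b in reversed(raw))


def explain_proxy_reply(reply):
    """Map the proxy's 'NNN host: connect: <errno>' reply to a Winsock error name."""
    m = re.search(r"connect:\s*(\d+)", reply)
    if not m:
        return "no error code in reply"
    code = int(m.group(1))
    return WINSOCK_ERRORS.get(code, f"unknown Winsock error {code}")


def triage(text):
    """Group the log into IKE flows, IPsec drops and proxy sessions, with findings."""
    ike, cert_msgs, drops, proxy = Counter(), 0, [], []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        prog, msg, f = rec["prog"], rec["msg"], rec["fields"]
        if prog == "GauntletIKE":
            cert_msgs += 1
        elif prog == "gauntlet" and "UDP packet allowed" in msg \
                and f.get("srcport") == "500" and f.get("dstport") == "500":
            ike[(f["src"], f["dst"])] += 1              # ISAKMP/IKE peer traffic
        elif prog == "gauntlet" and "non-encrypted output packet discarded" in msg:
            m = LINK_RE.search(msg)
            drops.append({"link": m.group(1) if m else "?", "if_hex": f.get("if"),
                          "if_ip": decode_le_hex_ip(f["if"]) if "if" in f else None,
                          "src": f.get("src"), "gw": f.get("gw"), "dst": f.get("dst")})
        elif prog in ("telnet", "ftp"):
            dest = f.get("destination") or f.get("dest")
            if dest is None:                              # "permit host=... connect to X"
                m = re.search(r"connect to (\S+)", msg)
                dest = m.group(1) if m else None
            port = f.get("port")
            proxy.append({"proxy": prog,
                          "outcome": "failed" if "failed" in msg else msg.split()[0],
                          "client": f.get("host", "").split("/")[-1] or None,
                          "dest": dest,
                          "port": int(port, 0) if port else None})   # "0x15" -> 21
    findings = [f"IKE (UDP/500) {src} -> {dst}: {n} packet(s), "
                f"{cert_msgs} certificate-validation message(s)"
                for (src, dst), n in ike.items()]
    for link, n in Counter(d["link"] for d in drops).items():
        sel = sorted({(d["src"], d["dst"]) for d in drops if d["link"] == link})
        findings.append(f"{link}: {n} outbound packet(s) dropped as non-encrypted, "
                        f"src/dst selectors {sel}")
    for p in proxy:
        if p["outcome"] == "failed":
            findings.append(f"{p['proxy']} proxy could not connect to {p['dest']}:{p['port']}")
    return {"ike": dict(ike), "cert_msgs": cert_msgs, "drops": drops,
            "proxy": proxy, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
    print(explain_proxy_reply("521 192.168.3.99: connect: 10060"))
```

Run against the posted excerpt it reports the IKE exchange from 192.168.4.75 to 192.168.4.25 with one certificate-validation message, two outbound drops on "VPN Link 1" whose selector is src=192.168.3.0 with dst=0.0.0.0 (the unspecified address), and the ftp proxy's failed connect to 192.168.3.99:21; the client-side 10060 is WSAETIMEDOUT, i.e. the proxy's connect to the inside host timed out rather than being refused.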
