Firewall Wizards mailing list archives
Re: connecting to VPN from behind FW-1
From: Tina Bird <tbird () precision-guesswork com>
Date: Tue, 29 Aug 2000 15:18:24 -0500 (CDT)
Is the VPN using IPsec with dynamic keying? (i.e. ISAKMP/IKE to build the security associations) If so, is the FW-1 NAT also doing port translation of the outgoing connections? The key negotiation protocol demands that the >>source port<< of the connection request be UDP/500. Most NAT devices break that.

Last time I checked, Checkpoint's answer was to either build a rule that changes address but not port, or to put the client outside the NAT device. Ugh.

cheers -- tbird

On Tue, 29 Aug 2000, Tim Iliff wrote:
Date: Tue, 29 Aug 2000 12:34:54 -0400
From: Tim Iliff <TIliff () Investprivate com>
To: firewall-wizards () nfr net
Subject: [fw-wiz] connecting to VPN from behind FW-1

hello all,

I am trying to connect to a VPN (behind FW-1 4.1) with SecuRemote from a LAN behind a FW-1 NAT. The remote firewall is configured to allow connections from behind a NAT, but I can't figure out what needs to be done on my end. Do I need to install a VPN gateway on my firewall? I am trying to connect from an NT workstation behind a FW-1 4.1 firewall. SecuRemote is 4.1 build 4157.

Any help would be greatly appreciated!

Thanks
tim iliff

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
VPN: http://kubarb.phsx.ukans.edu/~tbird/vpn.html
life: http://kubarb.phsx.ukans.edu/~tbird
work: http://www.counterpane.com
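Added example, not part of the original posts: a check for the condition described in the reply above, run over UDP datagrams captured on the outside of the NAT device, that flags IKE requests whose source port is no longer UDP/500. The function names and the sample datagrams are constructed for illustration, and the input is assumed to start at the UDP header.

```python
import struct

IKE_PORT = 500
UDP_HDR = struct.Struct("!HHHH")             # src port, dst port, length, checksum
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")    # RFC 2408 fixed header, 28 bytes

def classify(datagram: bytes) -> str:
    """Classify one UDP datagram captured on the outside of the NAT device."""
    if len(datagram) < UDP_HDR.size + ISAKMP_HDR.size:
        return "not-ike"
    sport, dport, _ulen, _csum = UDP_HDR.unpack_from(datagram, 0)
    icookie, _rcookie, _next, version, _exch, _flags, _msgid, length = \
        ISAKMP_HDR.unpack_from(datagram, UDP_HDR.size)
    # Treat it as IKE only if it targets UDP/500, carries ISAKMP major
    # version 1, has a non-zero initiator cookie, and its length field
    # matches the bytes that follow the UDP header.
    if (dport != IKE_PORT or version >> 4 != 1 or icookie == bytes(8)
            or length != len(datagram) - UDP_HDR.size):
        return "not-ike"
    # The address may have been translated; what matters here is whether
    # the source port is still 500 after the NAT device handled it.
    return "source-port-preserved" if sport == IKE_PORT else "source-port-rewritten"

def audit(datagrams):
    """Return the source ports of IKE requests whose source port was rewritten."""
    rewritten = []
    for d in datagrams:
        if classify(d) == "source-port-rewritten":
            rewritten.append(UDP_HDR.unpack_from(d, 0)[0])
    return rewritten

def make_sample(sport, dport=IKE_PORT):
    """Constructed datagram: UDP header plus a bare ISAKMP header (no payloads)."""
    isakmp = ISAKMP_HDR.pack(b"\x11" * 8, bytes(8), 0, 0x10, 2, 0, 0, ISAKMP_HDR.size)
    return UDP_HDR.pack(sport, dport, UDP_HDR.size + len(isakmp), 0) + isakmp

if __name__ == "__main__":
    # Constructed capture: one preserved port, one rewritten port, one non-IKE.
    capture = [make_sample(500), make_sample(61034), make_sample(500, dport=53)]
    for d in capture:
        print(UDP_HDR.unpack_from(d, 0)[:2], classify(d))
    print("rewritten source ports:", audit(capture))
```

A non-empty result from `audit` means the NAT rule is translating ports as well as addresses for IKE traffic.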
Current thread:
- connecting to VPN from behind FW-1 Tim Iliff (Aug 29)
- Re: connecting to VPN from behind FW-1 Tina Bird (Aug 30)