Firewall Wizards mailing list archives
Checkpoint and Linksys WRT54G/Double NAT
From: LaTania Williams <topo2 () pacbell net>
Date: Thu, 31 Jan 2008 14:26:01 -0800 (PST)
Question for you checkpoint gurus out there:

I have a double natted network at home, and can't access a checkpoint fw via their vpn sw. My network looks like this:

Internet -> linksys wrt51ab             -> linksys wrt54g                     -> internal clients (vpn client)
            DMZ                            BACK                                  Basic WinXPPro
            stock firmware                 openwrt - IPTables
            PublicIP %-% 192.168.1.1/28    192.168.1.14/28 %-% 192.168.2.1/24    192.168.2.6/24

When I plug directly into DMZ, the vpn has no problem connecting. If I try to access from the BACK network however, it always times out. I have had no issues with cisco or att vpns (have had to use both), port 500/udp is good, AH/ESP traffic are all good on the BACK router. Checkpoint requires special ports, as I could gather from googling, I opened those up (256-257 /tcp I believe) on BACK, still had no effect. Tried opening 4500/tcp & udp to no avail.

I know I am doing something wrong, but access through double nat certainly must be supported... Any help is greatly appreciated as I would like to get my wife off of this long wire we have stretching to the office ;-) .

Thanks,
Michael Brown

----- Original Message ----
From: Paul Melson <pmelson () gmail com>
To: Firewall Wizards Security Mailing List <firewall-wizards () listserv icsalabs com>
Sent: Thursday, January 31, 2008 4:57:06 AM
Subject: Re: [fw-wiz] Checkpoint and RTSP NAT

On Jan 30, 2008 12:35 PM, Pedro Henrique Morsch Mazzoni <phmazzoni () gmail com> wrote:
Client to server Transport field of RTSP packet:
Transport: RTP/AVP;unicast;client_port=6970-6971;mode=play,RTP/AVP/TCP;unicast;mode=play

Server response to client:
Transport: RTP/AVP;unicast;source=72.14.209.177;client_port=59598-59599;server_port=10580-10581;ssrc=6DF21148

Does anyone know if Checkpoint NGX can be aware of RTSP when using NAT, and change the payload of the response packet?

Check Point has no problem with RTSP since the pre-NG days. Your problem is that the firewall isn't looking for RTSP on those ports (10580-10581). By default, tcp/554 is the port for RTSP servers.

PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
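
The Transport headers quoted in the message above, worked through as an added example that is not part of the original thread: RTSP negotiates the RTP/RTCP ports inside the payload, so a NAT-aware firewall has to parse this header to learn which ports to open and to rewrite `client_port`. The function names are hypothetical, the header strings are copied from the thread, and 59598 is used as the sample mapped port only because it appears in the quoted server response.

```python
import re

# Header values copied from the thread; everything else here is illustrative.
CLIENT_SETUP = ("RTP/AVP;unicast;client_port=6970-6971;mode=play,"
                "RTP/AVP/TCP;unicast;mode=play")
SERVER_REPLY = ("RTP/AVP;unicast;source=72.14.209.177;"
                "client_port=59598-59599;server_port=10580-10581;ssrc=6DF21148")


def parse_transport(value):
    """Split a Transport header value into one dict per comma-separated spec."""
    specs = []
    for spec in value.split(","):
        parts = [p.strip() for p in spec.split(";") if p.strip()]
        params = {"protocol": parts[0]}
        for p in parts[1:]:
            key, _, val = p.partition("=")
            params[key.lower()] = val  # flag-only parameters get ""
        specs.append(params)
    return specs


def port_range(text):
    """'6970-6971' -> (6970, 6971); a single port 'p' -> (p, p)."""
    lo, _, hi = text.partition("-")
    return int(lo), int(hi or lo)


def udp_pinholes(value):
    """Port ranges a stateful device must learn from the payload for RTP/RTCP."""
    holes = []
    for spec in parse_transport(value):
        for key in ("client_port", "server_port"):
            if spec.get(key):
                holes.append((key, *port_range(spec[key])))
    return holes


def rewrite_client_port(value, mapped_base):
    """Swap each client_port range for a mapped range of the same width."""
    def repl(match):
        lo, hi = port_range(match.group(1))
        if hi == lo:
            return "client_port=%d" % mapped_base
        return "client_port=%d-%d" % (mapped_base, mapped_base + hi - lo)
    return re.sub(r"client_port=(\d+(?:-\d+)?)", repl, value)
```
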