[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Secure Remote from behind NATing Router?
TOm Refer to the checkpoint pdf docs page 148 of the doc titled "VPN.pdf" If there are other firewalls along the path connecting the SecuRemote Client (that performs the encryption) and the SecuRemote Server (the FireWall that performs the decryption), you should configure the other firewalls to allow FW-1 services to pass from the SecuRemote Client to the SecuRemote Server. You should allow the following services: - FWZ RDP (UDP on port 259) - IKE IPSEC and IKE (UDP on port 500) IPSEC ESP (IP type 50) IPSEC AH (IP type 51) Also check that the Router is hiding all outgoing connections behind a single IP, behind a group of IP address does not always work. Regards, Paul Carmichael IT Security Engineer ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SecureNet Ltd Level 3, 1 James Place, North Sydney, NSW 2000 AUSTRALIA Ph: +61 2 9957 1000 Email: [email protected] Fx: +61 2 9957 1111 Web : http://www.securenet.com.au ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----Original Message----- From: Tom Sevy [mailto:[email protected]] Sent: Tuesday, 3 October 2000 4:33 AM To: Check Point FW List (E-mail) Subject: [FW1] Secure Remote from behind NATing Router? Does anything have to be set in the Firewall(s) to accept SR connections from clients behind a NATting device? CheckPoint FW-1 Ver 4.1 SP1 on Nokia IP440 x 2 Secure Remote W2K RC2 client, behind Cisco 802 (IDSL Router) ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ************************************************************************************* This email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ************************************************************************************* ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|