Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Secure Remote from behind NATing Router?

To: "'Tom Sevy'" <[email protected]>, "Check Point FW List (E-mail)" <[email protected]>
Subject: RE: [FW1] Secure Remote from behind NATing Router?
From: Paul Carmichael <[email protected]>
Date: Tue, 3 Oct 2000 08:40:32 +1100
Sender: [email protected]

TOm

Refer to the checkpoint pdf docs page 148 of the doc titled "VPN.pdf"

If there are other firewalls along the path connecting the SecuRemote Client
(that performs the encryption) and the SecuRemote Server (the FireWall that
performs the decryption), you should configure the other firewalls to allow
FW-1 services
to pass from the SecuRemote Client to the SecuRemote Server. You should
allow the
following
services:
- FWZ
	 RDP (UDP on port 259)
- IKE
	IPSEC and IKE (UDP on port 500)
	IPSEC ESP (IP type 50)
	IPSEC AH (IP type 51)


Also check that the Router is hiding all outgoing connections behind a
single IP, behind a group of IP address does not always work.



Regards,

Paul Carmichael
IT Security Engineer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SecureNet  Ltd
Level 3, 1 James Place,
North Sydney,
NSW 2000 AUSTRALIA

Ph: +61 2 9957 1000	Email: [email protected]
Fx: +61 2 9957 1111	Web : http://www.securenet.com.au
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  

-----Original Message-----
From: Tom Sevy [mailto:[email protected]]
Sent: Tuesday, 3 October 2000 4:33 AM
To: Check Point FW List (E-mail)
Subject: [FW1] Secure Remote from behind NATing Router?



Does anything have to be set in the Firewall(s) to accept SR connections
from clients behind a NATting device?


CheckPoint FW-1 Ver 4.1 SP1 on Nokia IP440 x 2

Secure Remote W2K RC2 client, behind Cisco 802 (IDSL Router)




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


*************************************************************************************
This email message has been swept by MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
*************************************************************************************


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] TCP Timeout question
Next by Date: [FW1] Check Point Release Dates
Previous by thread: FW: [FW1] Secure Remote from behind NATing Router?
Next by thread: RE: [FW1] Secure Remote from behind NATing Router?
Index(es):
- Date
- Thread