Here is the list of ports that need to be open...
The filtering device has the following ports blocked:
-TCP Port 256
-UDP Port 259
-UDP Port 500
-Protocol 94, 50 and 51.
Fix:
1. To download the topology, you need to open TCP port 256, whatever encryption scheme is used.
* If using SecuRemote 4.1, then by default the topology will be downloaded on TCP port 264.
* If using SecuRemote 4.1 with FireWall-1 3.0b or 4.0, SecuRemote will first try to get the topology on port 264; if it is not successful after 30 seconds, it will try on port 256. See the Solution "Topology Download problems with SecuRemote 4.1/FireWall-1 4.1" to learn more about this issue.
* If using SecuRemote 3.0 or 4.0 with FireWall-1 4.1, add a rule in FireWall-1 that accepts connections from SecuRemote users to the SecuRemote server on port 256.
2. To establish a connection between SecuRemote Client and the server:
* If using the FWZ encryption scheme, open UDP port 259 for authentication.
NOTE: If not using encapsulation, create rules to allow the actual traffic. If using encapsulation, just add one rule allowing traffic on protocol 94 (0x5e), which is the new IP protocol number.
* For ISAKMP, open UDP port 500 (ISAKMP service) for authentication, and allow traffic on protocol 50 (0x32) and 51 (0x33), which are the new protocol numbers for ISAKMP.
NOTE: If the Firewall in the middle is FireWall-1, then you just need to allow IPSEC.
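
The two steps above turned into a check, as an added example that is not part of the original solution: it parses the blocked list exactly as quoted on this page and reports which required openings the filtering device is still blocking for a given deployment. The function and parameter names are assumptions, and the rules for non-encapsulated FWZ traffic are site-specific, so they are not modelled.

```python
import re

# Blocked list as quoted on this page (the filtering device in the middle).
PAGE_BLOCKED = """\
-TCP Port 256
-UDP Port 259
-UDP Port 500
-Protocol 94, 50 and 51.
"""

def parse_blocked(text):
    """Turn '-TCP Port 256' / '-Protocol 94, 50 and 51.' lines into tuples."""
    blocked = set()
    for line in text.splitlines():
        m = re.match(r"-\s*(TCP|UDP)\s+Port\s+(\d+)", line, re.I)
        if m:
            blocked.add((m.group(1).lower(), int(m.group(2))))
        elif re.match(r"-\s*Protocol\b", line, re.I):
            blocked.update(("ip", int(n)) for n in re.findall(r"\d+", line))
    return blocked

def required_openings(client, scheme, encapsulated=False):
    """Openings needed per the page; names here are assumptions.

    client: SecuRemote version string ("3.0", "4.0", "4.1").
    scheme: "FWZ" or "ISAKMP". encapsulated only matters for FWZ.
    """
    need = {("tcp", 256)}              # topology download, any scheme
    if client == "4.1":
        need.add(("tcp", 264))         # SecuRemote 4.1 uses 264 by default
    if scheme == "FWZ":
        need.add(("udp", 259))         # FWZ authentication
        if encapsulated:
            need.add(("ip", 94))       # one rule covers encapsulated traffic
        # Not encapsulated: rules for the actual traffic are site-specific.
    elif scheme == "ISAKMP":
        need |= {("udp", 500), ("ip", 50), ("ip", 51)}
    else:
        raise ValueError(f"unknown encryption scheme: {scheme!r}")
    return need

def still_blocked(client, scheme, encapsulated=False, blocked_text=PAGE_BLOCKED):
    """Sorted list of required openings the filtering device is blocking."""
    return sorted(required_openings(client, scheme, encapsulated)
                  & parse_blocked(blocked_text))

if __name__ == "__main__":
    for args in [("4.1", "ISAKMP"), ("4.0", "FWZ", True)]:
        print(args, "->", still_blocked(*args))
```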