
Re: [FW1] firewall sp2 and securemote behind nat



I have been able to get this to work with 4.1SP2 on Solaris 7
with SR 4165, but much depends on the NAT device behind
which the SR client sits. I've tried it behind a Cisco 675 DSL
router, and can say conclusively that it only sometimes works.
Two SR clients behind the 675 will definitely *not* work, and
that's because of the way that the 675 does NAT and PAT.
I've observed the 675 take two IKE (500/udp) sessions and
use the same source ports for the two client sessions going to
the firewall on dest port 500...

I solved this by putting a Linux Router Project box in between
the 675 and the SR clients. Now the NAT and PAT works correctly
and both clients can communicate to the same firewall at
the same time without a problem. Snooping on the outside of
the firewall confirms that 2746/udp is being used for all IKE
communication between the clients and the firewall. No changes
in the users.C file on the client were required.

Steve

[email protected] wrote:

> This did NOT get fixed in SP2.  No time frame on when.
>
> Kevin
>
> -----Original Message-----
> From: Kumar, Prashanth [mailto:[email protected]]
> Sent: Friday, December 15, 2000 12:19 PM
> To: [email protected]
> Subject: [FW1] firewall sp2 and securemote behind nat
>
> Hi,
> SP2 patch was supposed to fix the problem of SecuRemote behind a NAT box by
> encapsulating the IPsec packet in UDP. I have upgraded the firewall to SP2 and
> did all the things mentioned in SP2. This still is not working. User
> authentication works fine (this uses UDP 500). But no actual data transfer
> takes place. Is there anybody who has got this to work? What am I doing
> wrong here?
>
> I am using IKE (ESP) in hybrid mode
>
> ------------------------------------------------------------
> Prashanth Kumar
> Network Engineer
> IS&T
> EA
> Ph:> [email protected]
> -----------------------------------------------------------
>
> ============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====

--
Steven Lee, CISSP
Senior Network Security Engineer
AVCOM Technologies, Inc
4636 E Marginal Way S, Ste B-100   http://www.avcom.com
Seattle, WA 98134-2383             mailto:[email protected]
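
The collision described in the message above (two IKE sessions leaving the NAT device with the same source port toward the firewall on destination port 500) can be checked for in a translation table. The following is an added example, not part of the original post: the line format, addresses and table contents are constructed for illustration and do not reproduce the output of any particular router.

```python
import re
from collections import defaultdict

# Constructed line format (an assumption, not real device output):
#   proto  inside_ip:port  outside_ip:port  dest_ip:port
LINE = re.compile(
    r"^(\w+)\s+([\d.]+):(\d+)\s+([\d.]+):(\d+)\s+([\d.]+):(\d+)$"
)

def parse(table):
    """Parse translation lines into (proto, inside, outside, dest) tuples."""
    entries = []
    for raw in table.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            raise ValueError(f"unparseable translation line: {raw!r}")
        proto, i_ip, i_p, o_ip, o_p, d_ip, d_p = m.groups()
        entries.append(
            (proto, (i_ip, int(i_p)), (o_ip, int(o_p)), (d_ip, int(d_p)))
        )
    return entries

def find_collisions(entries):
    """Return outside tuples that more than one inside endpoint maps to.

    If two inside clients share the same (proto, outside addr:port,
    dest addr:port), a reply from the destination cannot be attributed
    to one client, so at most one of the sessions can work.
    """
    by_outside = defaultdict(set)
    for proto, inside, outside, dest in entries:
        by_outside[(proto, outside, dest)].add(inside)
    return {k: sorted(v) for k, v in by_outside.items() if len(v) > 1}

# Constructed sample: both clients keep source port 500 after translation.
COLLIDING = """
udp 10.0.0.11:500 192.0.2.1:500 198.51.100.5:500
udp 10.0.0.12:500 192.0.2.1:500 198.51.100.5:500
"""

# Constructed sample: the translator gives the second client its own port.
DISTINCT = """
udp 10.0.0.11:500 192.0.2.1:500 198.51.100.5:500
udp 10.0.0.12:500 192.0.2.1:1024 198.51.100.5:500
"""

if __name__ == "__main__":
    for name, table in (("colliding", COLLIDING), ("distinct", DISTINCT)):
        print(name, find_collisions(parse(table)))
```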