[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW-1] port usage for securemote (IKE)
- To: [email protected]
- Subject: [FW-1] port usage for securemote (IKE)
- From: Andrew Loh <[email protected]>
- Date: Sat, 1 Dec 2001 00:47:46 +0800
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-index: AcF5vr03nGN2XkWnQkuEYXhnwuGhcg==
- Thread-topic: port usage for securemote (IKE)
Title: Message
My CP NG has a
broadband NAT gateway in front of it, which is used for port
forwarding.
After configured the
VPN-1, securemote can retrive the topology and authenticated. It stops at
"Exchanging key..."
In upstream NAT
gateway, I forwarded ports of:
�
FWZ
� RDP (UDP on port 259)
�
IKE
� IPSEC and IKE (UDP on port
500)
� IPSEC ESP (IP type 50), TCP/UDP
�
IPSEC AH (IP type 51),
TCP/UDP
�
TCP/500 (if using IKE over
TCP)
� UDP
2746 or another port (if using UDP encapsulation)
�SecureClient
connections
�
FW1_scv_keep_alive (UDP port 18233) — used for SCV keep-alive
packets
�
FW1_pslogon_NG (TCP port 18231) — used for SecureClient's logon
to
Policy Server
protocol
� FW1_sds_logon (TCP port 18232) — used for SecureClient's
Software
Is there any other
thing need to do before let securemote client can connect to CP NG thru an
upstream NAT gateway ?
andrew.
�
