Hi all!
I'm setting up an ordinary LAN/Internet/DMZ firewall solution built on Computer
Associates GuardIT firewall, and have a few problems. Hopefully some of you have
experienced this firewall, and may give me some hints. The setup is:
LAN: NAT:ed 10.* net
Internet: A "real" IP address with *.252 netmask with a connection to the ISP
router.
DMZ: "Real" IP addresses on a third NIC.
I get everything to work except FTP and Microsoft VPN. FTP from the 10.* net to
Internet works fine in passive mode, but when not using passive mode the
connection gets reset when issuing a port command. According to the GuardIT help
file GuardIT should be able to recognize both passive and active mode without
any special configuration on the firewall. It seems like it hasn't read its own
help file. ;) I've tried allowing port 20 (which shouldn't be needed) without
success. The firewall says nothing about refused connections. Any ideas?
VPN: Microsoft VPN works fine using a Windows 2000 client, but not using Windows
9x. Logging the login attempt on the client shows that it gets no response at
all from the server. Hooking it up on the DMZ makes VPN work fine. I've
allowed TCP 1723 and IP 47 from anywhere to DMZ (where the VPN server is
located). The firewall logs say nothing about refused connections. I've even
tried allowing anything from anywhere to anywhere and it still doesn't work. Any
ideas?
This is my first post to the list. Short pres: 27 year old consultant at Qbranch
<http://www.qbranch.se> in Stockholm, Sweden. Primarily working with short
"emergency" missions for different customers all over Sweden but mostly in the
Stockholm area. Sometimes on longer assignments. Mostly with NT, Cisco and
different U**X flavors, but anything talking TCP/IP would do. Certified on
Cisco, CA Unicenter, Microsoft and some other stuff. I was recommended this list
by Michael Abrahamsson, and have been lurking for about two weeks. More info:
[EMAIL PROTECTED]
TIA
/P