We're having an issue where we're unable to successfully perform
Kerberos authentication through a VPN connection. Environment is
CheckPoint NG (Nokia) with the latest CheckPoint VPN client. Clients are
a mixture of Windows 2000 Pro and Windows XP. Servers are Windows 2003
(Kerberos V5). The configuration is basically an Internet-connected
client establishing a VPN connection via the NG VPN client back to a
Nokia NG firewall which protects the corporate network hosting the
Windows 2003 server.

When attempting a connection, we see a Kerberos request over 88/UDP with
a destination of a Kerberos KDC. It shows in the client log; however, it
never appears in the firewall log and nothing reaches the KDC server.
Switching the client to use Kerberos 88/TCP fixes the problem; however,
we're reluctant to modify all of our clients to use TCP (a ton of
clients to update, overhead concerns with a large number of TCP session
setups/teardowns needed for KDC operators, and a desire to generally
stay with the standard (RFC 1510) method of doing Kerberos over UDP).

What do we need to change on the firewall to get it to pass Kerberos
88/UDP inside a VPN connection?

Thoughts/hints appreciated.

Thanks

Craig
