SR uses port 259 for key exchange. The netbios ports (135-139) are not needed in
order to do VPN.
I have gotten SR client to do key exchange only knowing IP address of FW-1 (fw did
not need to be resolvable).
My experience is that fw logs will only show connection data "after" the DH key
exchange (I was using FWZ). When I had problems with my SR, I had to use sniffer to
see public key and topo information downloaded from fw to SR client (with parameters
I was working with, I had to send this data in clear in order for authentication to
work).
It may be helpful in future to post your build number for both client and fw. There
are dependencies regarding versions (e.g., SR client build 4005 has problems with
fw 4.0 build 4031).
/rm
Andre Toussaint wrote:
> check out www.phoneboy.com/fw1
>
> specifically http://www.phoneboy.com/fw1/faq/0342.html
>
> according to that, it might be the ports, but I don't know which ports
> fw/SecRem use. you could disable the port filter, try it, and see.
>
> good luck
> andre
>
> -----Original Message-----
> From: MIS [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 04, 2000 2:55 PM
> To: FW1 mailinglist
> Subject: RE: [FW1] need some help on SecuRemote setup
>
> the only log that I see related to this
> is the connection from
> "external win98" to "Firewall" using service RDP (and that's it)
>
> I forgot to mention that I did some filtering on tcp/udp 135-139
> on my exterior router
> Does it matter?
>
> ---------------------------------
> well, the no domain server is probably because you didn't get in, so just
> worry about no answer received from fw.
>
> How far is it getting? Check the log viewer on your firewall-1.
> do you see the user attempting to connect, etc?
> (this is best to do with a laptop dialing in, sitting right next to fw-1
> box, so you can watch both)
>
> andre
>
> ----------------------------
> I am using SecuRemote on a win98 to connect to an Internal NT server.
> After entering the password for NT and entering the password at the SecuRemote pop-up
> window,
>
> SecuRemote pops up a window
> "Error: No answer receive from a Firewall at site xxx.xxx.xxx.xxx "
>
> and "No domain server is available"
>
> Can you give some hints on how to troubleshoot this?
>
> Any help would be appreciated.
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================