RE: [FW1] Secure Remote from behind NATing Router?

Paul Carmichael Mon, 02 Oct 2000 14:49:34 -0700

TOm

Refer to the checkpoint pdf docs page 148 of the doc titled "VPN.pdf"

If there are other firewalls along the path connecting the SecuRemote Client
(that performs the encryption) and the SecuRemote Server (the FireWall that
performs the decryption), you should configure the other firewalls to allow
FW-1 services
to pass from the SecuRemote Client to the SecuRemote Server. You should
allow the
following
services:
- FWZ
         RDP (UDP on port 259)
- IKE
        IPSEC and IKE (UDP on port 500)
        IPSEC ESP (IP type 50)
        IPSEC AH (IP type 51)


Also check that the Router is hiding all outgoing connections behind a
single IP, behind a group of IP address does not always work.



Regards,

Paul Carmichael
IT Security Engineer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SecureNet  Ltd
Level 3, 1 James Place,
North Sydney,
NSW 2000 AUSTRALIA

Ph: +61 2 9957 1000     Email: [EMAIL PROTECTED]
Fx: +61 2 9957 1111     Web : http://www.securenet.com.au
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  

-----Original Message-----
From: Tom Sevy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 3 October 2000 4:33 AM
To: Check Point FW List (E-mail)
Subject: [FW1] Secure Remote from behind NATing Router?



Does anything have to be set in the Firewall(s) to accept SR connections
from clients behind a NATting device?


CheckPoint FW-1 Ver 4.1 SP1 on Nokia IP440 x 2

Secure Remote W2K RC2 client, behind Cisco 802 (IDSL Router)




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


*************************************************************************************
This email message has been swept by MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
*************************************************************************************


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
RE: [FW1] Secure Remote from behind NATing Router?

Reply via email to
