I've been fighting with the VPN client that my company gave me. Here are my
active filters:

OUTBOUND
1 0 Accept ANY TCP from "ANY_IP" 3845 to "ANY_IP" 3845
2 235 Accept "PROTECTED" ALL from "ANY_IP" to "ANY_IP"

REMOTE ACCESS
1 0 Accept ANY TCP log from "ANY_IP" 3845 to "ANY_IP" 3845
2 287 Accept "PROTECTED" TCP from 192.168.5.0/255.255.255.0 to 192.168.5.1/255.255.255.255 8080
3 0 Accept "PROTECTED" TCP from 192.168.5.0/255.255.255.0 to 192.168.5.1/255.255.255.255 77
4 479 Deny ANY UDP nolog from "ANY_IP" to "ANY_IP" 9 67 68 137 138 161 513
5 0 Deny ANY UDP nolog from "ANY_IP" to "ANY_IP" 520
6 0 Accept ANY TCP nolog from "ANY_IP" to "ANY_IP" 113
7 0 Accept ANY ICMP from "ANY_IP" 8 to "ANY_IP" 8
8 9 Deny ANY UDP nolog genICMP from "ANY_IP" to "ANY_IP" 32767:65535
9 0 Deny ANY TCP nolog from "ANY_IP" 80 to "ANY_IP" 1024:65535
10 5 Deny ANY ALL alarm from "ANY_IP" to "ANY_IP"

IP PASS THROUGH
No filters installed.

AUTO
1 0 Accept ANY ICMP from 192.168.5.9 3 4 11 to 192.168.5.1 3 4 11

And here is what the manufacturer has told me:
> You are close... the communication occurs from the VPN client on a
> random high port (1024:65535) to the SmartGate VPN server on 3845/tcp.
> So, your rules need to look something like this (verify these since I am
> not familiar with this form of ruleset):
> OUTBOUND
> 1 0 Accept ANY TCP from "ANY_IP" 1024:65535 to "ANY_IP" 3845
>
> REMOTE ACCESS
> 1 0 Accept ANY TCP log from "ANY_IP" 3845 to "ANY_IP" 1024:65535
> Hope that this helps,
What do I need to do to put what he suggests in place? Especially if the
VPN client uses a random port each time?
Joab Ben Stieglitz
mailto:[EMAIL PROTECTED]
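
Added example (not part of the original post or of the vendor's reply): a small Python model of why a port range in the rule covers the client's random source port, while the current 3845-to-3845 rule does not. It assumes first-match evaluation and that an empty port field means any port, and it models only rule 1 of OUTBOUND and the ANY-interface TCP/ALL rules of REMOTE ACCESS; the client port 51000 is a constructed value.

```python
# Added illustration: a constructed model, not the filter engine of the device.
# Assumptions: the first matching rule wins; a port field is one port or lo:hi;
# an empty port field means any port. Address fields ("ANY_IP") are ignored.

def port_range(spec):
    """'' -> any port, '3845' -> (3845, 3845), '1024:65535' -> (1024, 65535)."""
    if not spec:
        return (0, 65535)
    lo, _, hi = spec.partition(":")
    return (int(lo), int(hi or lo))

def first_match(rules, proto, sport, dport):
    """Return (rule number, action) of the first rule matching the packet."""
    for num, action, rproto, rsport, rdport in rules:
        slo, shi = port_range(rsport)
        dlo, dhi = port_range(rdport)
        if rproto in ("ALL", proto) and slo <= sport <= shi and dlo <= dport <= dhi:
            return (num, action)
    return (None, "no match")

# (rule number, action, protocol, source port, destination port)
OUTBOUND_CURRENT = [(1, "Accept", "TCP", "3845", "3845")]
OUTBOUND_SUGGESTED = [(1, "Accept", "TCP", "1024:65535", "3845")]

# ANY-interface TCP/ALL rules of REMOTE ACCESS, original rule numbers kept.
REMOTE_CURRENT = [
    (1, "Accept", "TCP", "3845", "3845"),
    (6, "Accept", "TCP", "", "113"),
    (9, "Deny", "TCP", "80", "1024:65535"),
    (10, "Deny", "ALL", "", ""),
]
REMOTE_SUGGESTED = [(1, "Accept", "TCP", "3845", "1024:65535")] + REMOTE_CURRENT[1:]

def check(client_port):
    """Evaluate one VPN connection: client_port -> 3845 and the reply back."""
    return {
        "outbound current": first_match(OUTBOUND_CURRENT, "TCP", client_port, 3845),
        "outbound suggested": first_match(OUTBOUND_SUGGESTED, "TCP", client_port, 3845),
        "reply current": first_match(REMOTE_CURRENT, "TCP", 3845, client_port),
        "reply suggested": first_match(REMOTE_SUGGESTED, "TCP", 3845, client_port),
    }

if __name__ == "__main__":
    for name, result in check(51000).items():  # 51000: constructed client port
        print(f"{name:20} -> {result}")
```

Because the suggested rules name the whole range 1024:65535, the same two rules match whichever port the client picks, so nothing has to change per connection.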