If Smartpass utilizes IPSec between the ends of the connection, then Chris is right. IPSec does not allow packets to be modified in any way (including NAT) between the sender and receiver.

Mike Burden
Lynk Systems
(616)532-4985
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chris Green
Sent: Thursday, July 20, 2000 2:46 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: SmartPass Through GnatBox

--------------------- Attention -----------------------------
Online GNAT Box User Forum is Now Open
Click the Register link and sign up today
http://www.gnatbox.com/cgi-bin/Ultimate.cgi
-------------------------------------------------------------
Send postings to: [EMAIL PROTECTED]
Access the list archives at: http://www.gnatbox.com/gb-users/
-------------------------------------------------------------

I do not believe that smartpass will work through NAT at all.

Good luck!

Chris Green

>From: Joab Stieglitz <[EMAIL PROTECTED]>
>To: "GnatBox Users Group (E-mail)" <[EMAIL PROTECTED]>
>Subject: SmartPass Through GnatBox
>Date: Thu, 20 Jul 2000 12:18:56 -0400
>
>I've been fighting with the VPN client that my company gave me. Here are my
>active filters:
>
>OUTBOUND
>  1    0 Accept ANY TCP from "ANY_IP" 3845 to "ANY_IP" 3845
>  2  235 Accept "PROTECTED" ALL from "ANY_IP" to "ANY_IP"
>
>REMOTE ACCESS
>  1    0 Accept ANY TCP log from "ANY_IP" 3845 to "ANY_IP" 3845
>  2  287 Accept "PROTECTED" TCP from 192.168.5.0/255.255.255.0 to 192.168.5.1/255.255.255.255 8080
>  3    0 Accept "PROTECTED" TCP from 192.168.5.0/255.255.255.0 to 192.168.5.1/255.255.255.255 77
>  4  479 Deny ANY UDP nolog from "ANY_IP" to "ANY_IP" 9 67 68 137 138 161 513
>  5    0 Deny ANY UDP nolog from "ANY_IP" to "ANY_IP" 520
>  6    0 Accept ANY TCP nolog from "ANY_IP" to "ANY_IP" 113
>  7    0 Accept ANY ICMP from "ANY_IP" 8 to "ANY_IP" 8
>  8    9 Deny ANY UDP nolog genICMP from "ANY_IP" to "ANY_IP" 32767:65535
>  9    0 Deny ANY TCP nolog from "ANY_IP" 80 to "ANY_IP" 1024:65535
> 10    5 Deny ANY ALL alarm from "ANY_IP" to "ANY_IP"
>
>IP PASS THROUGH
>  No filters installed.
>
>AUTO
>  1    0 Accept ANY ICMP from 192.168.5.9 3 4 11 to 192.168.5.1 3 4 11
>
>And here is what the manufacturer has told me:
>
> > You are close... the communications occurs from the VPN client on a
> > random high port (1024:65535) to the SmartGate VPN server on 3845/tcp.
> >
> > So, your rules need to look something like this (verify these since I am
> > not familiar with this form of ruleset)
> >
> > OUTBOUND
> >   1 0 Accept ANY TCP from "ANY_IP" 1024:65535 to "ANY_IP" 3845
> >
> > REMOTE ACCESS
> >   1 0 Accept ANY TCP log from "ANY_IP" 3845 to "ANY_IP" 1024:65535
> >
> > Hope that this helps,
>
>What do I need to do to put what he suggests in place? Especially if the
>VPN client uses a random port each time?
>
>Joab Ben Stieglitz
>mailto:[EMAIL PROTECTED]
>----------------------------------------------
>To Unsubscribe: send mail to [EMAIL PROTECTED]
>with "unsubscribe gb-users your_email_address"
>in the body of the message
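
Added example, not part of the thread and not GNAT Box code: a small Python matcher for the port fields of the rule lines quoted above, showing that the posted OUTBOUND rule 1 only matches a client whose source port is 3845, while the range 1024:65535 in the manufacturer's suggestion covers whatever random high port the client picks. The field order, the `lo:hi` range reading, "no port listed means any port", and first-match evaluation are assumptions read off the posted rules; addresses are ignored because both rules use "ANY_IP".

```python
import re

# Assumed field order, read off the rule lines posted in the thread:
#   index hits action interface proto [options] from addr [ports] to addr [ports]
RULE_RE = re.compile(
    r'^\s*\d+\s+\d+\s+(?P<action>Accept|Deny)\s+\S+\s+(?P<proto>\S+)'
    r'(?:\s+(?:log|nolog|alarm|genICMP))*'
    r'\s+from\s+\S+(?P<sports>(?:\s+[\d:]+)*)'
    r'\s+to\s+\S+(?P<dports>(?:\s+[\d:]+)*)\s*$')

def parse_ports(text):
    """Turn '3845' or '1024:65535' tokens into (lo, hi) ranges; none listed = any port."""
    ranges = []
    for tok in text.split():
        lo, _, hi = tok.partition(':')
        ranges.append((int(lo), int(hi or lo)))
    return ranges or [(0, 65535)]

def parse_rule(line):
    m = RULE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised rule: {line!r}")
    return {"action": m["action"], "proto": m["proto"],
            "sports": parse_ports(m["sports"]),
            "dports": parse_ports(m["dports"])}

def in_ranges(port, ranges):
    return any(lo <= port <= hi for lo, hi in ranges)

def first_match(rules, proto, sport, dport):
    """Action of the first rule whose protocol and ports match, else None (assumed semantics)."""
    for r in rules:
        if (r["proto"] in (proto, "ALL")
                and in_ranges(sport, r["sports"])
                and in_ranges(dport, r["dports"])):
            return r["action"]
    return None

# Rule lines copied from the thread.
POSTED = '1 0 Accept ANY TCP from "ANY_IP" 3845 to "ANY_IP" 3845'
SUGGESTED = '1 0 Accept ANY TCP from "ANY_IP" 1024:65535 to "ANY_IP" 3845'

def client_allowed(rule_line, client_port):
    """Does a connection from client_port to 3845/tcp hit this Accept rule?"""
    return first_match([parse_rule(rule_line)], "TCP", client_port, 3845) == "Accept"

if __name__ == "__main__":
    for port in (1024, 40000, 65535):  # constructed sample source ports
        print(port, client_allowed(POSTED, port), client_allowed(SUGGESTED, port))
```

This only models the filter match on ports; it says nothing about whether the VPN traffic itself survives NAT, which is the separate point raised in the replies.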
