If the Cisco 800 is simply routing, then, NO. If, however, Cisco is doing NAT, then, YES. For IPSec, you need to open IP Protocols 50 and 51 and UDP port 500.
However, the preferred config is for the edge router to simply route, and for the firewall to do NAT. Randall -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Edie Dudley Sent: Monday, December 17, 2001 10:50 AM To: MSWinNT Discussions Subject: Re: Netscreen 5 The Cisco 800 sets between the Internet and the Netscreen. So I am assuming that I need to open some ports on the Cisco. ----- Original Message ----- From: "Randall Yoo" <[EMAIL PROTECTED]> To: "MSWinNT Discussions" <[EMAIL PROTECTED]> Sent: Monday, December 17, 2001 12:23 PM Subject: RE: Netscreen 5 > Since you are asking this question, I'll assume you've not altered the > default setting in VPN policy. And, in such case, all ports are opened for > the VPN client. > > Randall > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Edie Dudley > Sent: Monday, December 17, 2001 10:12 AM > To: MSWinNT Discussions > Subject: Re: Netscreen 5 > > > What ports of I need open on the firewall for the VPN client to connect > through? > I don't have Exchange. I have Mercury mail. > Thanks > ----- Original Message ----- > From: "Randall Yoo" <[EMAIL PROTECTED]> > To: "MSWinNT Discussions" <[EMAIL PROTECTED]> > Sent: Monday, December 17, 2001 11:36 AM > Subject: RE: Netscreen 5 > > > > When a VPN client connects to a firewall, that client becomes a virtual > LAN > > client. And my bet is, you don't have internal DNS server running that > has > > an A record for the mail server (mail.yourcompany.com) that the pop3 mail > > client has configured in his/her Outlook profile. The solution is: (a) > run > > internal DNS server that contains the A record; or, (b) have the VPN users > > use Exchange's SMTP (since the VPN user become a virtual LAN client) > rather > > than POP3. > > > > Randall > > > > > > BTW, you can also try posting your question at Netscreen_Firewall Yahoo > > Group: http://groups.yahoo.com/group/Netscreen_Firewall > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of > > [EMAIL PROTECTED] > > Sent: Monday, December 17, 2001 09:18 AM > > To: MSWinNT Discussions > > Subject: Netscreen 5 > > > > > > I am installing a Netscreen 5 with Netscreen remote VPN client software. > > The Netscreen installed in transparent mode just fine. And I am able to > > allow users to get to thier email using a pop3 incoming rule. > > But I don't understand how to setup the client to enter the network as a > > full user using the client software. > > I install the Netscreen vpn client and I lose the ability to get to the > > mail server. > > Do I use the router's (a Cisco 800) Internet address at the client web > > browser to gain network access. > > > > The Help files tells how to install the IPSec security but not the other > > issues. And my ISP wants paid (with a 4 hour minimum) just to get me > > started. I am sure that after I get a few questions answered I will be > > fine. > > Thanks big time in advance > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to [EMAIL PROTECTED] > > > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to [EMAIL PROTECTED] > > > > _________________________________________________________ > > Do You Yahoo!? > > Get your free @yahoo.com address at http://mail.yahoo.com > > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
