I think this was mentioned, but what is you bypass the routers and connect the laptop directly to the network?
-----Original Message----- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Nick Olsen Sent: Monday, December 28, 2009 11:24 AM To: WISPA General List Subject: Re: [WISPA] CheckPoint VPN/firewall We have opened all of the ports to there router. I'm trying right now to see if dstnating everything to one laptop will make it work but I don't think so since they never have to do that. But here is the weird part. On torch when we see the attempt the dst ip is 192.168.0.4 which isn't going to work. A packet capture on the laptop shows it attempting to hit the real public IP space 195something But I don't see it on torch. We have opened all ports to it. 3rd part. If I do some routing black magic and dst nat 192.168.0.4 to 195something it connects, but they can't pass any traffic over it. Nick Olsen Brevard Wireless (321) 205-1100 x106 ---------------------------------------- From: "Jerry Richardson" <jrichard...@aircloud.com> Sent: Monday, December 28, 2009 2:20 PM To: "WISPA General List" <wireless@wispa.org> Subject: Re: [WISPA] CheckPoint VPN/firewall More: Port 443 and 444 need to be open -----Original Message----- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Jerry Richardson Sent: Monday, December 28, 2009 11:16 AM To: WISPA General List Subject: Re: [WISPA] CheckPoint VPN/firewall This is specific to Checkpoint VPN: Allow the following services: TCP/264 (Topology Download) TCP/256 UDP 259 IKE IPSEC and IKE (UDP on port 500) IPSEC ESP (IP type 50) IPSEC AH (IP type 51) TCP/500 (if using IKE over TCP) UDP 2746 or another port (if using UDP encapsulation) SecureClient specific connections: FW1_scv_keep_alive (UDP port 18233) - used for SCV keep-alive packets FW1_pslogon_NG (TCP port 18231) or (TCP port 65524 for Application Intelligence) - used for SecureClient's logon to Policy Server protocol FW1_sds_logon (TCP port 18232) - used for SecureClient's Software Distribution Server download protocol tunnel_test (UDP port 18234) - used by Check Point tunnel testing application -----Original Message----- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Jerry Richardson Sent: Monday, December 28, 2009 11:12 AM To: n...@brevardwireless.com; WISPA General List Subject: Re: [WISPA] CheckPoint VPN/firewall Perhaps this will help http://www.spywarepoint.com/ipsec-ports-t43658.html -----Original Message----- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Nick Olsen Sent: Monday, December 28, 2009 10:55 AM To: wireless@wispa.org Subject: [WISPA] CheckPoint VPN/firewall We have a customer that is playing host to some Russian Guests, They are trying to connect to a checkpoint vpn in moscow. It looks like it is standard IPsec. It won't connect on our network, But will on other networks. We've torched to hell and back on what might be happening. But because of language barriers and the fact that they can't leave the facility they are at, or set us up any type of test VPN we could test with to fix the problem we have come to a standstill on what to do. Our network is all mikrotik based. What we were hoping for is if anyone had a check point vpn/firewall we could test with or if anyone had any insight on getting it to play nice with mikrotik. Nick Olsen Brevard Wireless (321) 205-1100 x106 ---------------------------------------------------------------------------- ---- WISPA Wants You! Join today! http://signup.wispa.org/ ---------------------------------------------------------------------------- ---- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ ---------------------------------------------------------------------------- ---- WISPA Wants You! Join today! http://signup.wispa.org/ ---------------------------------------------------------------------------- ---- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ ---------------------------------------------------------------------------- ---- WISPA Wants You! Join today! http://signup.wispa.org/ ---------------------------------------------------------------------------- ---- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ ---------------------------------------------------------------------------- ---- WISPA Wants You! Join today! http://signup.wispa.org/ ---------------------------------------------------------------------------- ---- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
