cpk and vpn issue


gold eagle
March 6th, 2002, 01:51 AM
Repost 2 - it failed the first time.

I need to let Genuity's VPN access from my LAN to the branch office LAN. Over the Internet, of course.

My ckp out to the VPN box. Been told I need to open UDP 500, TCP 389, 709 and IPsec, all I/O, so I did, but no go. Even gave them AH in case they required it.

Paging etsh911, iNViCTuS and KorpDeath. Any ideas? Thanks guys. ;)


Others - feel free to respond only if you know your ckp and this VPN, please. :)

mrwall
March 6th, 2002, 06:39 PM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=221004#post468741) by gold eagle
Repost 2 - it failed the first time.

I need to let Genuity's VPN access from my LAN to the branch office LAN. Over the Internet, of course.

My ckp out to the VPN box. Been told I need to open UDP 500, TCP 389, 709 and IPsec, all I/O, so I did, but no go. Even gave them AH in case they required it.

Paging etsh911, iNViCTuS and KorpDeath. Any ideas? Thanks guys. ;)


Others - feel free to respond only if you know your ckp and this VPN, please. :)

Provide us with more info; this isn't enough. What type of VPN is it? Well, about your basic config: what you stated should do fine, but try to drop us a line about your exact config so we can help.

And KorpDeath has quit using CP in favour of a real FW (SunScreen), so don't expect much help from him...

Note: My English sux as usual :)

etsh911

KorpDeath
March 6th, 2002, 07:04 PM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=221004#post469138) by mrwall


And KorpDeath has quit using CP in favour of a real FW (SunScreen), so don't expect much help from him...

Note: My English sux as usual :)

etsh911

Nice jab... :D Just to add to etsh911's comments, I've never used the VPN portion either. I put an appliance in for security reasons. :thumbsup:

iNViCTuS
March 6th, 2002, 08:50 PM
The only thing I would suggest is opening UDP port 500 on the CP, which you already did.

Also make sure you are allowing IP protocols 50 and 51 (ESP and AH). These are the three components required to allow VPN traffic through your firewall. Try this and let me know what the result is.

Refer to this document for a better explanation:
http://www.spirit.com/CSI/Papers/fw+vpns.html

Here is an excerpt from another VPN doc...

"Another problem might be a missing rule before the Stealth-Rule: You will not
only have to accept IKE (500/udp), but also the Internet Protocols 50 and 51 -
pre-defined as AH and ESP."
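
A rulebase check for the advice above, as an added example that is not part of the thread and not Check Point code: it models a first-match rulebase and asks whether IKE (UDP 500), ESP (IP protocol 50) and AH (IP protocol 51) are accepted in both directions between two VPN endpoints, and shows why the accept rules must sit above the stealth rule when the tunnel terminates on the firewall itself. The addresses (RFC 5737 test ranges), rule names and the three sample rulebases are constructed for illustration; the first one roughly mirrors what the original post says was opened (UDP 500 plus the TCP ports, no ESP/AH).

```python
"""First-match rulebase check for IPsec VPN pass-through.

Added example for this thread, not the original poster's rulebase and
not Check Point code.  Rule fields, addresses and rule names are
constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional, Union

ANY = "any"
PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 6, 17, 50, 51  # IP protocol numbers, not ports


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int
    dport: Optional[int] = None  # ESP and AH carry no port numbers


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                   # address or ANY
    dst: str                   # address or ANY
    proto: Union[int, str]     # protocol number or ANY
    dport: Union[int, str]     # port or ANY
    action: str                # "accept" or "drop"

    def matches(self, f: Flow) -> bool:
        return (self.src in (ANY, f.src) and self.dst in (ANY, f.dst)
                and self.proto in (ANY, f.proto) and self.dport in (ANY, f.dport))


def evaluate(rules, flow):
    """First matching rule wins; anything unmatched hits the implicit drop."""
    for r in rules:
        if r.matches(flow):
            return r.action, r.name
    return "drop", "implicit-drop"


def vpn_flows(gw_a, gw_b):
    """The three flows an IKE/IPsec tunnel needs, in both directions."""
    out = []
    for s, d in ((gw_a, gw_b), (gw_b, gw_a)):
        out += [("IKE", Flow(s, d, PROTO_UDP, 500)),
                ("ESP", Flow(s, d, PROTO_ESP)),
                ("AH", Flow(s, d, PROTO_AH))]
    return out


def blocked_vpn_flows(rules, gw_a, gw_b):
    """Return [(label, 'src->dst', blocking_rule)] for VPN flows not accepted."""
    blocked = []
    for label, f in vpn_flows(gw_a, gw_b):
        action, name = evaluate(rules, f)
        if action != "accept":
            blocked.append((label, f"{f.src}->{f.dst}", name))
    return blocked


LOCAL_VPN = "203.0.113.10"    # constructed: local VPN box behind the Check Point
REMOTE_VPN = "198.51.100.20"  # constructed: branch-office VPN endpoint
FIREWALL = "192.0.2.1"        # constructed: the Check Point's own address


def accept_both_ways(name, a, b, proto, dport=ANY):
    return [Rule(name + "-out", a, b, proto, dport, "accept"),
            Rule(name + "-in", b, a, proto, dport, "accept")]


# Rulebase 1: stealth rule, UDP 500 and the TCP ports only (no ESP/AH).
RULES_PORTS_ONLY = (
    [Rule("stealth", ANY, FIREWALL, ANY, ANY, "drop")]
    + accept_both_ways("ike", LOCAL_VPN, REMOTE_VPN, PROTO_UDP, 500)
    + accept_both_ways("ldap", LOCAL_VPN, REMOTE_VPN, PROTO_TCP, 389)
    + accept_both_ways("tcp709", LOCAL_VPN, REMOTE_VPN, PROTO_TCP, 709)
)

# Rulebase 2: the same, plus IP protocols 50 and 51 as their own rules.
RULES_WITH_ESP_AH = (
    RULES_PORTS_ONLY
    + accept_both_ways("esp", LOCAL_VPN, REMOTE_VPN, PROTO_ESP)
    + accept_both_ways("ah", LOCAL_VPN, REMOTE_VPN, PROTO_AH)
)

# Rulebase 3: tunnel terminates on the firewall itself and the VPN rules sit
# below the stealth rule, so inbound IKE/ESP/AH are shadowed and dropped.
RULES_SHADOWED = (
    [Rule("stealth", ANY, FIREWALL, ANY, ANY, "drop")]
    + accept_both_ways("ike", FIREWALL, REMOTE_VPN, PROTO_UDP, 500)
    + accept_both_ways("esp", FIREWALL, REMOTE_VPN, PROTO_ESP)
    + accept_both_ways("ah", FIREWALL, REMOTE_VPN, PROTO_AH)
)

if __name__ == "__main__":
    print("ports only :", blocked_vpn_flows(RULES_PORTS_ONLY, LOCAL_VPN, REMOTE_VPN))
    print("with ESP/AH:", blocked_vpn_flows(RULES_WITH_ESP_AH, LOCAL_VPN, REMOTE_VPN))
    print("shadowed   :", blocked_vpn_flows(RULES_SHADOWED, FIREWALL, REMOTE_VPN))
```

Rulebase 1 blocks ESP and AH in both directions on the implicit drop, which is the symptom the thread describes (IKE completes on UDP 500 but no traffic flows); rulebase 2 passes everything; rulebase 3 shows the inbound IKE, ESP and AH flows hitting the stealth rule, which is the ordering problem the excerpt warns about. One caveat the thread predates: when either endpoint sits behind NAT, IKE implementations that support NAT traversal move to UDP 4500 and wrap ESP in UDP, so that port would have to be added to the check as well.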

KorpDeath
March 6th, 2002, 08:57 PM
Yeah, 50 and 51 are necessary.

gold eagle
March 7th, 2002, 01:54 AM
Thanks, I think the ESP might do the trick; these guys are back tomorrow. We'll try it then.
I'll try to get more on the VPN, but their guy hasn't called back, so I'm left to figure out a foreign VPN client with no facts. :(
KD - forgot you're a SunScreen man now; I only use that in summer :)

gold eagle
March 8th, 2002, 12:58 AM
It is not working, but the problem is not at my end. We determined it is on their end and so will get to it later. If anyone is interested, I'll post the solution.

KorpDeath
March 8th, 2002, 01:25 AM
I am interested. hehe