-
March 6th, 2002, 01:51 AM
#1
cpk and vpn issue
repost 2 - it failed first time.
I need to let genuity's vpn access from my lan to branch office lan. Over internet of course.
My ckp out to vpn box. Been told I need to open udp500, tcp389,709 and ipsec all i/o so did but no go. Even gave them AH in case they reqd it.
paging etsh911, iNViCTuS and KorpDeath. Any ideas? Thks guys.
Others - feel free to respond if you know your ckp and this vpn only pls.
Trappedagainbyperfectlogic.
-
March 6th, 2002, 06:39 PM
#2
Member
-
March 6th, 2002, 07:04 PM
#3
Re: Re: cpk and vpn issue
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
-
March 6th, 2002, 08:50 PM
#4
The only thing I would suggest is opening UDP port 500 on the CP, which you already did.
Also make sure you are allowing IP 50 and 51 (ESP and AH). These are the three components required to allow VPN traffic through your firewall. Try this and let me know what the result is.
Refer to this document for a better explanation:
http://www.spirit.com/CSI/Papers/fw+vpns.html
Here is an excerpt from another VPN doc...
"Another problem might be a missing rule before the Stealth-Rule: You will not
only have to accept IKE (500/udp), but also the Internet Protocols 50 and 51 -
pre-defined as AH and ESP."
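The rule-order point in the excerpt above, as an added example that is not part of the original post: a simplified first-match model (not Check Point syntax) that checks whether IKE, ESP and AH are accepted before a stealth rule drops them. The rule names and rule bases are constructed for illustration, and every rule is assumed to apply to traffic addressed to the firewall.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    proto: Optional[int]   # IP protocol number (17=UDP, 50=ESP, 51=AH); None = any
    dport: Optional[int]   # destination port, meaningful for TCP/UDP only; None = any
    action: str            # "accept" or "drop"

# Flows the thread says must pass: IKE (500/udp) plus IP protocols 50 and 51.
VPN_FLOWS = {"IKE": (17, 500), "ESP": (50, None), "AH": (51, None)}

def first_match(rules, proto, dport):
    """Return the first rule matching the packet, as a first-match firewall would."""
    for rule in rules:
        if rule.proto is not None and rule.proto != proto:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule
    return Rule("implicit drop", None, None, "drop")

def audit(rules):
    """Map each VPN flow to (action, name of the rule that decided it)."""
    result = {}
    for flow, (proto, dport) in VPN_FLOWS.items():
        rule = first_match(rules, proto, dport)
        result[flow] = (rule.action, rule.name)
    return result

def blocked(rules):
    """Names of the VPN flows this rule base would drop."""
    return [flow for flow, (action, _) in audit(rules).items() if action != "accept"]

STEALTH = Rule("stealth", None, None, "drop")  # drops anything sent to the firewall
IKE = Rule("ike", 17, 500, "accept")
ESP = Rule("esp", 50, None, "accept")          # an IP protocol, not a TCP/UDP port
AH = Rule("ah", 51, None, "accept")

# Constructed rule bases, evaluated top to bottom.
RULEBASES = {
    "accepts after stealth": [STEALTH, IKE, ESP, AH],
    "ESP missing": [IKE, AH, STEALTH],
    "all three before stealth": [IKE, ESP, AH, STEALTH],
}

if __name__ == "__main__":
    for label, rules in RULEBASES.items():
        print(f"{label}: blocked={blocked(rules)} detail={audit(rules)}")
```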
-
March 6th, 2002, 08:57 PM
#5
Yeah, 50 and 51 are necessary.
-
March 7th, 2002, 01:54 AM
#6
thks I think the esp might do the trick, these guys are back tomorrow. We'll try it then.
I'll try to get more on the vpn but their guy hasn't called back so I'm left to figure out a foreign vpn client with no facts.
KD - forgot you're a sunscreen man now, I only use that in summer
Trappedagainbyperfectlogic.
-
March 8th, 2002, 12:58 AM
#7
It is not working but the problem is not my end. We determined it is on their end and so will get it later. If anyone is interested I'll post the solution.
Trappedagainbyperfectlogic.
-
March 8th, 2002, 01:25 AM
#8