Thread: cpk and vpn issue

  1. #1
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193

    cpk and vpn issue

    repost 2 - it failed first time.

    I need to let genuity's vpn access from my lan to branch office lan. Over internet of course.

    My ckp out to vpn box. Been told I need to open udp500, tcp389,709 and ipsec all i/o so did but no go. Even gave them AH in case they reqd it.

    paging etsh911, iNViCTuS and KorpDeath. Any ideas? Thks guys.


    Others - feel free to respond if you know your ckp and this vpn only pls.
    Trappedagainbyperfectlogic.

  2. #2

    Re: cpk and vpn issue

    Originally posted here by gold eagle
    repost 2 - it failed first time.

    I need to let genuity's vpn access from my lan to branch office lan. Over internet of course.

    My ckp out to vpn box. Been told I need to open udp500, tcp389,709 and ipsec all i/o so did but no go. Even gave them AH in case they reqd it.

    paging etsh911, iNViCTuS and KorpDeath. Any ideas? Thks guys.


    Others - feel free to respond if you know your ckp and this vpn only pls.

    Provide us with more info, this isn't enough. What type of VPN is it? Well, about your basic config, what you stated should do fine, but try to drop us a line about your exact config so we can help.

    And KorpDeath has quit using CP in favour of a real FW <SunScreen> so don't await much help from him...

    Note : My English sux as usual

    etsh911

  3. #3
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628

    Re: Re: cpk and vpn issue

    Originally posted here by mrwall


    And KorpDeath has quit using CP in favour of a real FW <SunScreen> so don't await much help from him...

    Note : My English sux as usual

    etsh911

    Nice jab.... Just to add to etsh911's comments, I've never used the VPN portion either. I put an appliance in for security reasons.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    The only thing I would suggest is opening UDP port 500 on the CP, which you already did.

    Also make sure you are allowing IP 50 and 51 (ESP and AH). These are the three components required to allow VPN traffic through your firewall. Try this and let me know what the result is.

    Refer to this document for a better explanation:
    http://www.spirit.com/CSI/Papers/fw+vpns.html

    Here is an excerpt from another VPN doc...

    "Another problem might be a missing rule before the Stealth-Rule: You will not
    only have to accept IKE (500/udp), but also the Internet Protocols 50 and 51 -
    pre-defined as AH and ESP."
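
The rule-ordering point from post #4, as an added example that is not part of the thread and is not Check Point syntax: a first-match evaluator over a constructed rule base, showing that ESP (IP protocol 50) and AH (IP protocol 51) are dropped when their accept rules sit after the stealth rule, even though IKE on UDP 500 passes. The rule format, the `fw` destination label and all function names are assumptions made for illustration.

```python
# Added illustration: first-match evaluation of a constructed rule base.
# Rule format and names are hypothetical, not Check Point's own.
UDP, ESP, AH = 17, 50, 51   # IANA IP protocol numbers

# What the thread says an IPsec VPN needs through the firewall.
# ESP and AH are IP protocols, not ports, so they carry no dport.
REQUIRED = {
    "IKE": {"proto": UDP, "dport": 500},
    "ESP": {"proto": ESP, "dport": None},
    "AH":  {"proto": AH,  "dport": None},
}

def matches(rule, pkt):
    """A rule matches when protocol, port (if given) and destination agree."""
    if rule["proto"] not in ("any", pkt["proto"]):
        return False
    if rule.get("dport") is not None and rule["dport"] != pkt["dport"]:
        return False
    return rule["dst"] in ("any", pkt["dst"])

def first_match(rules, pkt):
    """Return (rule number, action) of the first matching rule."""
    for idx, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return idx, rule["action"]
    return None, "drop"   # nothing matched: implicit drop

def check_ipsec(rules, gateway="fw"):
    """Map each IPsec component to the rule that decides its fate."""
    return {name: first_match(rules, dict(req, dst=gateway))
            for name, req in REQUIRED.items()}

# Constructed sample rule bases. The stealth rule drops everything
# addressed to the gateway itself.
STEALTH = {"proto": "any", "dst": "fw", "action": "drop"}
IKE_OK = {"proto": UDP, "dport": 500, "dst": "fw", "action": "accept"}
ESP_OK = {"proto": ESP, "dst": "fw", "action": "accept"}
AH_OK = {"proto": AH, "dst": "fw", "action": "accept"}

BROKEN = [IKE_OK, STEALTH, ESP_OK, AH_OK]   # ESP/AH rules never reached
FIXED = [IKE_OK, ESP_OK, AH_OK, STEALTH]    # all three before stealth

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        for name, (num, action) in check_ipsec(rules).items():
            print(f"{label}: {name:<3} -> rule {num}: {action}")
```
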

  5. #5
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Yeah, 50 and 51 are necessary.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #6
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    thks I think the esp might do the trick, these guys are back tomorrow. We'll try it then.
    I'll try to get more on the vpn but their guy hasn't called back so I'm left to figure out a foreign vpn client with no facts.
    KD - forgot you're a sunscreen man now, I only use that in summer
    Trappedagainbyperfectlogic.

  7. #7
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    It is not working but the problem is not my end. We determined it is on their end and so will get it later. If anyone is interested I'll post the solution.
    Trappedagainbyperfectlogic.

  8. #8
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    I am. interested. hehe
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson
