Network Security Firewalls

RE: CHECKPOINT VPN Client

Subject: RE: CHECKPOINT VPN Client
Date: Sun, 27 Nov 2005 20:41:10 -0600
Hi

Well, maybe you should check for the protocols 50 and 51, and the IKE port
(UDP 500, and TCP 500 in case you send IKE over TCP). Try adding this rule
separately, do not use ANY. That should do it for the services question.

However, you also need to check in the VPN gateway 3 more possible errors
that you should address in order to get your remote access correct:

1.- Overlapping, in case your private network at home matches with any other
within the enterprise network, then you will need to NAT your private IP at
home or change your home network to another one that does not match in your
enterprise network which leads to No.2
2.- Antispoofing, in case your private network at home is within the
enterprise network
3.- Routing, in case your private network at home is not routed at your
enterprise network, and you're not using IP pool NAT

It is more recommended to use IP pool NAT since you control the IP you
assign to external networks, instead of routing multiple private networks to
the Internet, which may lead to security issues (don't forget the ARP).

Hope this helps

OA

-----Original Message-----
From: Alexis Villagra - VILSOL LatinAmerica
To: firewalls@securityfocus.com
Sent: 25/11/2005 01:39 a.m.
Subject: CHECKPOINT VPN Client
Importance: High

Hi,
 
I have a CheckPoint VPN Client installed in my PC at home, when I
connect to Internet directly I can connect to my VPN Server in the main
office.
I have bought a firewall, I left default services open but I cannot
establish a VPN connection.
 
Could you tell me which ports or what should I do in the firewall to
allow the establishment of the VPN connection?
 
Best regards,
ALEXIS VILLAGRA
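
The checks listed in the reply, written out as an added example that is not part of the original thread: it reports which of the named services lack an explicit allow rule and which of the three gateway-side conditions (overlapping, antispoofing, routing) apply to a home network. The function names, the rule representation and the sample networks are assumptions made for illustration.

```python
import ipaddress

# Services named in the reply: IP protocols 50 (ESP) and 51 (AH) and IKE on
# UDP 500; TCP 500 is needed only when IKE is sent over TCP.
BASE_SERVICES = {("ip", 50), ("ip", 51), ("udp", 500)}


def missing_services(allowed, ike_over_tcp=False):
    """Return the required (kind, number) pairs with no explicit allow rule."""
    required = set(BASE_SERVICES)
    if ike_over_tcp:
        required.add(("tcp", 500))
    return sorted(required - set(allowed))


def gateway_checks(home, enterprise, routed, ip_pool_nat):
    """Return which of the reply's three gateway-side conditions apply."""
    home_net = ipaddress.ip_network(home)
    ent = [ipaddress.ip_network(n) for n in enterprise]
    rt = [ipaddress.ip_network(n) for n in routed]
    findings = []
    # 1. Overlapping: the home LAN shares addresses with an enterprise network.
    if any(home_net.overlaps(n) for n in ent):
        findings.append("overlap")
    # 2. Antispoofing: the home LAN lies inside an enterprise network.
    if any(home_net.subnet_of(n) for n in ent):
        findings.append("antispoofing")
    # 3. Routing: no enterprise route covers the home LAN and no IP pool NAT.
    if not ip_pool_nat and not any(home_net.subnet_of(n) for n in rt):
        findings.append("routing")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(missing_services([("udp", 500), ("ip", 50)], ike_over_tcp=True))
    print(gateway_checks("192.168.1.0/24", ["192.168.0.0/16", "10.0.0.0/8"],
                         ["10.0.0.0/8"], ip_pool_nat=False))
```

An empty result from both functions means none of the conditions named in the reply was detected for the supplied networks and rules.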
