Fw: What ports need to be opened on remote fw to use Checkpoint SecuRemote VPN w/IKE?

Sandy Harris sandy at STORM.CA
Tue Apr 24 00:04:51 EDT 2001


Michael LeClair wrote:
>
> Help.
>
> We are trying to get a Checkpoint-1 SecuRemote VPN connection to work
> with a Checkpoint-1 (Nokia) firewall using IKE from behind a Watchguard
> Firebox II fw.
>
> The admin of the gateway fw said to open the following ports:
>
> 1.) TCP 256
> 2.) UDP 259

Checking
http://www.isi.edu/in-notes/iana/assignments/port-numbers
I see TCP and UDP 256 are for RAP, which I know nothing about.

> 3.) UDP 50
> 4.) UDP 51
> 5.) UDP 500
>
> ... but, even though authentication is successful, a connection to the
> client machines on their network behind their Checkpoint fw are not
> accessible (can't telnet, ping, ftp, etc, all of which should be
> available).
>
> As an aside, I have seen incoming packet rejections on port 0 on our
> Watchguard firewall from the Checkpoint-1 fw, but this port number may
> not be accurate. I even saw somewhere that there may be a potential DOS
> on port 0 using SecuRemote (supposedly reboots Unix clients?).
>
> Any expert help would be appreciated.
>
> mike
>
> VPN is sponsored by SecurityFocus.COM

IPSEC uses **protocols** (not ports) 50 (ESP) and 51 (AH) for the actual
VPN data. Negotiations to set up those connections use IKE on UDP port
500.

One reference is the firewalls section of the FreeS/WAN (Linux IPSEC)
documentation:

http://www.freeswan.org/freeswan_trees/freeswan-1.9/doc/firewall.html
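
Added example, not part of the original message: a small Python model of a default-deny packet filter that shows the protocol-versus-port distinction made in the reply above. The addresses, source port and rule-tuple format are constructed for illustration and are not any vendor's configuration syntax.

```python
import struct

# IANA IP protocol numbers (the IPv4 header "protocol" field).
PROTO_NAMES = {6: "tcp", 17: "udp", 50: "esp", 51: "ah"}

def ipv4_packet(proto, dport=None):
    """Build a constructed, minimal IPv4 packet (checksum left at zero)."""
    payload = b"\x00" * 8
    if dport is not None:  # TCP and UDP both begin with src port, dst port
        payload = struct.pack("!HH", 40000, dport) + b"\x00" * 4
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return header + payload

def classify(packet):
    """Return (protocol_name, dst_port); dst_port is None when no ports exist."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                     # protocol field
    name = PROTO_NAMES.get(proto, str(proto))
    if proto in (6, 17):
        return name, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return name, None                     # ESP/AH follow IP directly: no port field

def allowed(packet, rules):
    """rules is a set of (protocol_name, port_or_None); anything else is dropped."""
    return classify(packet) in rules

# The list from the question, read literally as port rules.
AS_LISTED = {("tcp", 256), ("udp", 259), ("udp", 50), ("udp", 51), ("udp", 500)}
# Same list with 50 and 51 treated as IP protocols; 256 and 259 kept as listed.
CORRECTED = {("tcp", 256), ("udp", 259), ("esp", None), ("ah", None), ("udp", 500)}

def evaluate(rules):
    """Check constructed IKE, ESP and AH packets against a rule set."""
    traffic = {"ike": ipv4_packet(17, 500),
               "esp": ipv4_packet(50),
               "ah": ipv4_packet(51)}
    return {name: allowed(pkt, rules) for name, pkt in traffic.items()}

if __name__ == "__main__":
    print("as listed:", evaluate(AS_LISTED))
    print("corrected:", evaluate(CORRECTED))
```

With the rules as listed, the IKE negotiation on UDP 500 passes while ESP and AH packets match nothing and are dropped; a rule for "UDP 50" only ever matches a UDP datagram addressed to port 50.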
