Afternoon, all.
I work for a reseller and support a good number of PIX firewalls with an
outside telnet connection using the VPN 3.0 client. My company uses a
Watchguard Firebox 2 as its own firewall (don't ask, I've tried). Right now,
I'm dialing an ISP to get an outside address and launching the VPN client
from this point; this isn't desirable. I'd like to open ports on the
Watchguard, presumably TCP 50 and 51 and UDP 500. The person here who takes
care of the Watchguard isn't sure how to accomplish this. Busy guy, I guess.
Anyhow, I've tried a few things with this person, but I have no complete fix
so far.

We have opened ports 50, 51, and UDP 500. I can get to the point where the
tunnel is established, but I cannot get to the ethernet behind the remote
firewall. The local (Watchguard) firewall has logging information that seems
to indicate that it's trying to send my telnet or icmp request to the
Internet where, of course, it's immediately dropped. This is a little
confusing; I thought the packet would be encrypted, with the source and
destination addresses matching the 2 firewalls' outside interfaces. I didn't
think that the Watchguard would have the chance to even see the payload that
contains my "real" destination.

So I guess I'm wondering if there's anyone out there who has set up
something similar or, if not, could at least give me some theory or tell me
where I'm screwing up. I should mention that when I make a dialup connection
to an ISP and use the VPN client from there, I can telnet to the outside
interface, and I can access the inside network(s) behind the PIX, so I'm sure
the PIX is set up right. Any guideposts appreciated. Thanks.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20461&t=20461
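As an added illustration (not part of the original post, and not code from Cisco or Watchguard), the following Python shows what a packet filter on the local firewall actually sees when an IPsec tunnel is up. It builds a few constructed IPv4 packets (RFC 5737 example addresses) and classifies them the way a filter rule would: a tunnel-mode packet carries only the outer header, addressed between the two firewalls' outside interfaces, with IP protocol 50 (ESP) or 51 (AH); the inner telnet destination sits inside the encrypted payload and is not visible to the filter. It also shows that ESP and AH are IP protocol numbers, not TCP ports, so a rule written as "TCP port 50" will not match ESP traffic, while IKE/ISAKMP does use UDP port 500. All packets and addresses here are constructed sample data.

```python
import socket
import struct

# IANA protocol numbers carried in the IPv4 "protocol" field.
PROTO_TCP = 6
PROTO_UDP = 17
PROTO_ESP = 50   # IPsec ESP: an IP protocol, not a TCP/UDP port
PROTO_AH = 51    # IPsec AH:  likewise an IP protocol number
ISAKMP_PORT = 500  # IKE/ISAKMP really is UDP port 500

IPV4_FMT = "!BBHHHBBH4s4s"  # 20-byte header without options


def build_ipv4(src, dst, proto, payload):
    """Prepend a minimal IPv4 header (no options, checksum left zero) to payload.
    Used only to construct sample packets for this demonstration."""
    ver_ihl = (4 << 4) | 5
    hdr = struct.pack(IPV4_FMT, ver_ihl, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def parse_ipv4(packet):
    """Return the fields a stateless filter can see: outer src/dst, protocol,
    and L4 ports when the protocol is TCP or UDP. ESP/AH expose no ports."""
    ver_ihl, _tos, _tlen, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack(IPV4_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "sport": None, "dport": None}
    l4 = packet[ihl:]
    if proto in (PROTO_TCP, PROTO_UDP) and len(l4) >= 4:
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    return info


def classify(packet):
    """Human-readable label for what the filter sees on the wire."""
    info = parse_ipv4(packet)
    p = info["proto"]
    if p == PROTO_ESP:
        return "ESP (IP protocol 50)"
    if p == PROTO_AH:
        return "AH (IP protocol 51)"
    if p == PROTO_UDP and ISAKMP_PORT in (info["sport"], info["dport"]):
        return "ISAKMP (UDP/500)"
    if p == PROTO_TCP:
        return f"TCP/{info['dport']}"
    if p == PROTO_UDP:
        return f"UDP/{info['dport']}"
    return f"IP protocol {p}"


def rule_matches(rule, packet):
    """Evaluate a simple allow rule of the form {'proto': <ip proto>, 'dport': <port or None>}.
    Port comparison only makes sense for TCP/UDP; ESP/AH rules match on protocol alone."""
    info = parse_ipv4(packet)
    if info["proto"] != rule["proto"]:
        return False
    if rule.get("dport") is None:
        return True
    return info["dport"] == rule["dport"]


# --- Constructed sample traffic (RFC 5737 documentation addresses) ---
LOCAL_FW = "203.0.113.10"    # local firewall outside interface (constructed)
REMOTE_FW = "198.51.100.1"   # remote PIX outside interface (constructed)

# Tunnel-mode ESP: SPI + sequence number, then ciphertext. The inner telnet
# SYN to the remote LAN is inside the ciphertext, so no filter can see it.
ESP_PKT = build_ipv4(LOCAL_FW, REMOTE_FW, PROTO_ESP,
                     struct.pack("!II", 0x1234, 1) + b"\xaa" * 32)

# IKE negotiation: UDP 500 -> 500 with a dummy ISAKMP body.
ISAKMP_PKT = build_ipv4(LOCAL_FW, REMOTE_FW, PROTO_UDP,
                        struct.pack("!HHHH", 500, 500, 8 + 28, 0) + b"\x00" * 28)

# The same telnet request in the clear (what the logs show if it escapes the tunnel).
TELNET_CLEAR = build_ipv4("192.168.1.20", "10.0.0.5", PROTO_TCP,
                          struct.pack("!HH", 40000, 23) + b"\x00" * 16)

# A rule written as "TCP port 50" versus one that actually matches ESP.
TCP_PORT_50_RULE = {"proto": PROTO_TCP, "dport": 50}
ESP_RULE = {"proto": PROTO_ESP, "dport": None}
ISAKMP_RULE = {"proto": PROTO_UDP, "dport": ISAKMP_PORT}

if __name__ == "__main__":
    for name, pkt in (("ESP", ESP_PKT), ("ISAKMP", ISAKMP_PKT), ("telnet", TELNET_CLEAR)):
        i = parse_ipv4(pkt)
        print(f"{name:7s} {i['src']} -> {i['dst']}  {classify(pkt)}")
    print("TCP/50 rule matches ESP? ", rule_matches(TCP_PORT_50_RULE, ESP_PKT))
    print("ESP rule matches ESP?    ", rule_matches(ESP_RULE, ESP_PKT))
```

The point the code makes: the filter sees the ESP packet as LOCAL_FW to REMOTE_FW, IP protocol 50, with no ports at all, so the rule that lets the tunnel through must be expressed in terms of IP protocol 50/51 plus UDP 500, and a log entry showing the inner host addresses means the packet left the host unencrypted rather than through the tunnel.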
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]