At 10:05 AM 1/31/00 +1030, Ben Nagy wrote:
> > -----Original Message-----
> > From: Max Ho [mailto:[EMAIL PROTECTED]]
> >
> > Folks at FW1-B
> > are asking
> > that ports TCP 256, TCP 259, UDP 256, 137, 138, 139 on FW1-A to be
> > opened for the users behind A to get to B.

Checkpoint's proprietary VPN protocol uses TCP port 256 for data, UDP port 259 for authentication. That's where those ports come in. If you enable encapsulation, you need to permit IP protocol 94 (IPIP). You don't need 137-139 opened.

>However, if you can get around all the problems, then for IPSec/IKE you
>need to communicate on UDP port 500 (unless you use pre-shared keys) and you
>certainly need to allow IP protocol numbers 50 and 51. If SecuRemote uses
>some "Checkpoint Thing", then ignore this completely.
>
>Anyway, HTH - any FW-1 guys out there wanna chip in? Huh? ;)

Yeah, it's some 'Checkpoint Thing' based on the ports they're requesting. Current versions of SecuRemote do support IPsec so your information is also useful.

-Rick
