-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Lari Luoma <[EMAIL PROTECTED]> wrote:
>
> Number: 6089199
> Date: 7Feb2008
> Time: 11:41:35
> Product: VPN-1 Pro/Express
> Interface: eth-s1p3c1
> Origin: fw1 (192.168.77.116)
> Type: Log
> Action: Accept
> Protocol: udp
> Service: UDP_4500 (4500)
> Source: 10.183.146.25
> Destination: 15.195.xx.xx
> Rule: 36
> NAT rule number: 27
> NAT additional rule number: 0
> Source Port: UDP_4500 (4500)
> User: [I removed the user name]
> XlateSrc: fw1_cluster(192.100.xx.xx)
> XlateSPort: 50357
> Information: rule_uid:
> {572D8CDE-627C-4D64-A495-7E0470E4AC49}
> service_id: UDP_4500
> normalized_rule_num: 36-es-rules
This says that the client sent a packet, SourcePort 4500, DestPort 4500.
The firewall applied NAT and changed the SourcePort to 50357. The
DestPort remains 4500.
> Number: 6097242
> Date: 7Feb2008
> Time: 11:41:57
> Product: VPN-1 Pro/Express
> Interface: eth-s2p1c0
> Origin: fw1 (192.168.xx.xx)
> Type: Log
> Action: Drop
> Protocol: udp
> Service: 49534
> Source: 15.195.xx.xx
> Destination: fw1_cluster (192.100.xx.xx)
> Rule: 178
> Source Port: UDP_4500 (4500)
> Information: rule_uid: {D67DCC20-6EA8-4EAB-BC8B-1E20C0E38DFF}
> normalized_rule_num: 178-es-rules
The reply packet from the VPN concentrator has SourcePort 4500 but
DestPort is 49534. Where did that port number come from? The firewall
is correct in that it has no idea why someone is sending to that port,
or why it should forward the traffic back inside. The reply back from
the concentrator should have used dest port 50357, since that is what
the source port was that it saw.
- --
David DeSimone == Network Admin == [EMAIL PROTECTED]
"This email message is intended for the use of the person to whom
it has been sent, and may contain information that is confidential
or legally protected. If you are not the intended recipient or have
received this message in error, you are not authorized to copy, dis-
tribute, or otherwise use this message or its attachments. Please
notify the sender immediately by return e-mail and permanently delete
this message and any attachments. Verio, Inc. makes no warranty that
this email is error or virus free. Thank you." --Lawyer Bot 6000
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFHrPwOFSrKRjX5eCoRAvwDAJ94fAwfkY0/dOHAc7df4Ng2eOw2TwCfbUCa
TgByaYU5eQXVOd675+OMMIE=
=gvPx
-----END PGP SIGNATURE-----
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
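The correlation David does by hand above (pair the outbound Accept record's XlateSPort with the inbound Drop record's destination port) is the kind of check worth scripting when triaging NAT-T drops. The following is an added example, not code from the original post or from Check Point: it parses the "Field: value" log export layout shown in the thread, builds a table of post-NAT 4-tuples from Accept records that carry XlateSrc/XlateSPort, and reports for each Drop whether the packet is a legitimate reply to a translated flow and, if not, which destination port the peer should have used. The two sample records are constructed from the fields quoted in the thread (same masking); the record layout assumptions (blank-line separated records, `name (port)` and `object (ip)` notation) are taken from those quoted records only.

```python
"""Correlate Check Point NAT-T (UDP 4500) log records to explain a dropped reply.

Added example, not from the original mailing-list post. The records below are
constructed from the fields quoted in the thread (IPs masked as in the thread).
"""
import re
from dataclasses import dataclass

# Constructed sample: the Accept (outbound, NATed) and Drop (inbound reply)
# records from the thread, in the same "Field: value" layout the log export uses.
SAMPLE_LOG = """\
Number: 6089199
Date: 7Feb2008
Time: 11:41:35
Type: Log
Action: Accept
Protocol: udp
Service: UDP_4500 (4500)
Source: 10.183.146.25
Destination: 15.195.xx.xx
Rule: 36
Source Port: UDP_4500 (4500)
XlateSrc: fw1_cluster(192.100.xx.xx)
XlateSPort: 50357

Number: 6097242
Date: 7Feb2008
Time: 11:41:57
Type: Log
Action: Drop
Protocol: udp
Service: 49534
Source: 15.195.xx.xx
Destination: fw1_cluster (192.100.xx.xx)
Rule: 178
Source Port: UDP_4500 (4500)
"""


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int


def parse_records(text):
    """Split the export into records (blank-line separated) of field -> value."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in chunk.splitlines():
            key, _, val = line.partition(":")  # first colon only; "Time: 11:41:35" is safe
            rec[key.strip()] = val.strip()
        records.append(rec)
    return records


def port_of(value):
    """'UDP_4500 (4500)' -> 4500, '49534' -> 49534."""
    m = re.search(r"\((\d+)\)", value)
    return int(m.group(1) if m else value)


def addr_of(value):
    """'fw1_cluster (192.100.xx.xx)' -> '192.100.xx.xx'; bare addresses pass through."""
    m = re.search(r"\(([^)]+)\)", value)
    return m.group(1) if m else value


def outbound_translations(records):
    """Map the post-NAT 4-tuple the peer sees to the pre-NAT (inside) flow."""
    table = {}
    for r in records:
        if r.get("Action") != "Accept" or "XlateSPort" not in r:
            continue
        inside = Flow(addr_of(r["Source"]), port_of(r["Source Port"]),
                      addr_of(r["Destination"]), port_of(r["Service"]))
        outside = Flow(addr_of(r["XlateSrc"]), port_of(r["XlateSPort"]),
                       inside.dst, inside.dport)
        table[outside] = inside
    return table


def check_reply(record, table):
    """Decide whether an inbound packet reverses a known translated flow."""
    reply = Flow(addr_of(record["Source"]), port_of(record["Source Port"]),
                 addr_of(record["Destination"]), port_of(record["Service"]))
    # A genuine reply has the peer as source and our translated src:port as destination.
    key = Flow(reply.dst, reply.dport, reply.src, reply.sport)
    if key in table:
        return {"matched": True, "inside": table[key],
                "observed_dport": reply.dport, "expected_dports": [reply.dport]}
    # Otherwise list the translated source ports we actually used towards this peer:
    # those are the only destination ports a reply may legitimately carry.
    expected = sorted(k.sport for k in table
                      if k.src == reply.dst and k.dst == reply.src and k.dport == reply.sport)
    return {"matched": False, "inside": None,
            "observed_dport": reply.dport, "expected_dports": expected}


def analyze(text):
    """Return one finding per Drop record; an unmatched reply is correctly dropped."""
    records = parse_records(text)
    table = outbound_translations(records)
    return [check_reply(r, table) for r in records if r.get("Action") == "Drop"]


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        if f["matched"]:
            print(f"reply matches translated flow for {f['inside']}")
        else:
            print(f"reply to port {f['observed_dport']} matches no translation; "
                  f"expected one of {f['expected_dports']} (drop is correct)")
```

Run against real exports the same way: feed every Accept that carries XlateSPort plus the Drops you are investigating; a Drop with an empty `expected_dports` list means there was no outbound flow to that peer at all, while a non-empty list pinpoints the port the peer mangled, which is what the thread shows here (49534 observed, 50357 expected).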