You did mean protocol 50 & 51, right?
DS
-----Original Message-----
From: Perrymon, Josh L. [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 05:22 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Checkpoint to Cisco 3000 VPN errors

I just got off the phone with ISS in Atlanta and got it to work.

In order for FW-1 to talk to Cisco VPN 3000 you have to have the following ports open:

UDP 50
UDP 51
UDP 500

and the one we didn't have: UDP 6030

Now we have seamless VPN operation.

-----Original Message-----
From: Perrymon, Josh L. [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 3:43 PM
To: [EMAIL PROTECTED]
Subject: [FW-1] Checkpoint to Cisco 3000 VPN errors

OK, it goes like this---

client -----( our LAN ) -----( check point ) ----------( up north somewhere ) -----( Cisco 3000 VPN ) ----- other company's LAN -----))))))))

We opened up IKE and ports 50, 51 in our firewall ----- It seems that the initial IKE auth is OK --- then the client on our network wants to send something to port 6030 --- or service 6030, and this is denied by FW-1.

What is this service 6030???

AND, if they are natting on the other network, the pool has to translate into a live (routable) IP before sending traffic back, right?

I see that this client machine is making outbound requests to a 10.x.x.x http service--- there's no way we can route that.. We aren't even using NAT here.

So, the problem is that when he clicks connect on the Cisco VPN client it gets out to the other network to authenticate.. he enters user/pass and seems to be in the system.. BUT, he can't access files on the other end and 6080 service/port keeps dropping...??

Any ideas?? Should we open 10000 for NAT on our end?

Thanks,
Josh Perrymon
Network Security Consultant
BE&K , INC
(205) 972-6745
