Greetings, I have someone trying to make an outbound connection to a Cisco 3000 Concentrator using the Cisco VPN client software through my 4.1 SP4 firewall. I opened up UDP port 500 (IKE) and proto 50 (ESP) outbound. The tunnel to the Cisco always sets up successfully (according to their logs)...however the user is unable to http/ping/telnet/whatever!
Tcpdump logs show UDP port 500 and ESP activity. The firewall log shows accepted outbound port 500 traffic but it shows drops on random high ports coming from the remote Cisco Concentrator. The strange thing to me is that these high ports show that the protocol is ESP and I always thought that ESP doesn't use ports:

30Sep2002 8:53:52 drop proto esp src 192.168.2.2 dst 10.10.10.10 service 58333 s_port 53917 len 200

To test if it was my firewall I opened up all ports from the Concentrator inbound and the outbound connection was successful and the user was able to do his work. Has anybody seen this before? A search at google, shmoo, securepoint, cisco, and checkpoint revealed no clues.

-- Joe
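An added diagnostic example, not from the original post: a small Python parser for the FW-1 log line format quoted above that groups the dropped ESP packets per peer pair and checks whether an accepted outbound IKE (udp/500) exchange was seen in the opposite direction, which is what you would expect if the drops are the return half of a tunnel the firewall allowed outbound. It assumes (this is an assumption, not something the post states) that when the protocol is ESP the logged s_port and service values are the first four bytes of the ESP header, i.e. the 32-bit SPI, so they are reassembled into one SPI per flow; the log lines are constructed samples, and only the first one is the line quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample lines in the FW-1 log format quoted in the post (not real traffic);
# the second line is the one quoted in the post, the others are made up.
SAMPLE_LOG = """\
30Sep2002 8:53:50 accept proto udp src 10.10.10.10 dst 192.168.2.2 service 500 s_port 500 len 348
30Sep2002 8:53:52 drop proto esp src 192.168.2.2 dst 10.10.10.10 service 58333 s_port 53917 len 200
30Sep2002 8:53:53 drop proto esp src 192.168.2.2 dst 10.10.10.10 service 58333 s_port 53917 len 116
30Sep2002 8:54:01 drop proto esp src 192.168.2.2 dst 10.10.10.11 service 4660 s_port 22136 len 200
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<action>\w+) proto (?P<proto>\w+) "
    r"src (?P<src>\S+) dst (?P<dst>\S+) service (?P<service>\d+) "
    r"s_port (?P<s_port>\d+) len (?P<len>\d+)$"
)

def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in this format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    for key in ("service", "s_port", "len"):
        entry[key] = int(entry[key])
    return entry

def apparent_spi(entry):
    """Assumption: for proto esp the firewall prints the first four bytes of the ESP
    header (the 32-bit SPI) as if they were s_port (first two bytes) and service
    (next two bytes). Reassemble them into the SPI for reporting."""
    return (entry["s_port"] << 16) | entry["service"]

def unmatched_esp_drops(log_text):
    """Group dropped ESP packets by (src, dst) and record whether an accepted IKE
    (udp/500) exchange was logged in the opposite direction for the same peers."""
    ike_peers = set()
    drops = defaultdict(lambda: {"packets": 0, "spis": set()})
    for raw in log_text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue  # skip lines in a different log format
        if e["proto"] == "udp" and e["action"] == "accept" and e["service"] == 500:
            ike_peers.add((e["src"], e["dst"]))
        elif e["proto"] == "esp" and e["action"] == "drop":
            flow = drops[(e["src"], e["dst"])]
            flow["packets"] += 1
            flow["spis"].add(f"0x{apparent_spi(e):08x}")
    for (src, dst), flow in drops.items():
        flow["ike_seen_outbound"] = (dst, src) in ike_peers
    return dict(drops)

if __name__ == "__main__":
    for peers, info in unmatched_esp_drops(SAMPLE_LOG).items():
        print(peers, info)
```

A flow with `ike_seen_outbound` true and a constant SPI across many drops is the Concentrator's ESP reply stream being refused, which matches the symptom that the tunnel negotiates but no traffic flows.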
