Hi,

I have this running, but I use FreeBSD as NAT gateway. On the FreeBSD box I
configured NAT and IPFW. There are two rules in IPFW necessary if you
want to use SecuRemote/SecureClient behind it. These are:

ipfw add allow udp from any to any 500
ipfw add allow esp from any to any

Stefan

-----Original Message-----
From: Vadim Kuznetsov [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 28 January 2003 19:37
To: [EMAIL PROTECTED]
Subject: [FW-1] SecuRemote thru OpenBSD 3.2 PF

Hi,

My test environment is NG FP3 on Linux 7.3 and SecuRemote 53328 on W2k
behind OpenBSD 3.2 PF/NAT.

I'm trying to create a site.
It does not work so far. :(

I sniffed the traffic between FW and NAT device.

Here is the interesting part:

16:19:39.550591 fi.re.wa.ll.isakmp > o.bsd.pf.nat.59225: isakmp 1.0 msgid 00000000: phase 1 R ident[E]: [|id] (len mismatch: isakmp 1628/ip 1472) (frag 64242:1480@0+) (ttl 64, len 1500)
~ 4500 05dc faf2 6000 4011 ea01 xxxx xxxx
~ xxxx xxxx 01f4 e759 0664 8b4a dbeb 48d5

The packets have both DF and MF set.
OBSD PF scrub in all, scrub out all is going to discard those packets.

Is this a Linux bug?
CP?
OBSD?
Any comments?

Does anybody have such a configuration working?

--
Thanks,

Vadim Kuznetsov
Systems Administrator

Sapiens Americas

http://www.sapiens.com/
"Modernizing Business Processes Through Proven IT Solution"

Phone: 919-405-1563 Toll free: 800-858-9473x563 Fax: 919-405-1700

2000 CentreGreen Way, Suite 240
Cary, NC 27513

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
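
Decoding the header bytes from the tcpdump output in the original message shows the DF and MF flags together on the first fragment. This is an added example, not part of either message; the two addresses are constructed placeholders because the capture masks them, and the function names are this example's own.

```python
import struct

# First 28 bytes of the packet in the tcpdump output above. The capture masks
# both addresses ("xxxx xxxx"); 192.0.2.1 and 198.51.100.1 are constructed
# placeholders, so the header checksum (ea01) is not verified here.
CAPTURED = bytes.fromhex(
    "4500 05dc faf2 6000 4011 ea01"  # ver/ihl, tos, total len, id, flags+offset, ttl, proto, csum
    "c000 0201 c633 6401"            # source, destination (constructed)
    "01f4 e759 0664 8b4a"            # UDP: sport, dport, length, checksum
)
DF, MF, OFFSET_MASK = 0x4000, 0x2000, 0x1FFF

def parse_ipv4(pkt):
    """Decode the IPv4 fields relevant to fragmentation, plus UDP ports if present."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_off, ttl, proto, _csum = struct.unpack(
        "!BBHHHBBH", pkt[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a valid IPv4 header")
    hdr = {
        "ihl": ihl, "total_len": total_len, "id": ident, "ttl": ttl, "proto": proto,
        "df": bool(flags_off & DF), "mf": bool(flags_off & MF),
        "frag_offset": (flags_off & OFFSET_MASK) * 8,
    }
    # Only the first fragment (offset 0) carries the UDP header.
    if proto == 17 and hdr["frag_offset"] == 0 and len(pkt) >= ihl + 8:
        sport, dport, udp_len, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
        hdr.update(sport=sport, dport=dport, udp_len=udp_len)
    return hdr

def is_df_fragment(hdr):
    """True for a fragment (MF set or non-zero offset) that also has DF set."""
    return hdr["df"] and (hdr["mf"] or hdr["frag_offset"] > 0)

def bytes_in_later_fragments(hdr):
    """UDP bytes that do not fit in this first fragment (0 if it is complete)."""
    carried = hdr["total_len"] - hdr["ihl"]
    return max(0, hdr.get("udp_len", carried) - carried)

if __name__ == "__main__":
    h = parse_ipv4(CAPTURED)
    print(h)
    print("DF set on a fragment:", is_df_fragment(h))
    print("bytes left for later fragments:", bytes_in_later_fragments(h))
```

The decoded values match the tcpdump summary line: id 64242, length 1500, TTL 64, UDP 500 to 59225, and a UDP length of 1636 against 1480 bytes carried in this fragment.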