RE: [FW1] SecuRemote ports

Thu, 11 Jan 2001 15:07:05 -0800 



Keep in mind that newer builds of SecuRemote try to connect via port TCP:264
fw_topo first, then go down to port TCP:256 for backward compatibility...
;)



-----Original Message-----
From: Konstantin Matev [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 11, 2001 5:35 PM
To: 'MZ'; [EMAIL PROTECTED]
Subject: RE: [FW1] SecuRemote ports



Make sure that you have open 256(tcp) FW1 and 500(udp) IKE. That's all ports
you need for secure remote with IKE authentication. Enable a rule above the
Client Encrypt rule that says:

any  firewall 256;500(udp) accept log 

-Dex

>  -----Original Message-----
> From:         MZ [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, January 11, 2001 1:26 PM
> To:   [EMAIL PROTECTED]
> Subject:      [FW1] SecuRemote ports
> 
> 
> 
> Hi all
> 
> I am using SecuRemote build 4165 and FW1 4.1 SP2 and have the following
> problem.  After spending days pulling my hair out I realised after running
> a port scan and packet sniffer that the SecuRemote packets on port 264 &
> 265 were being blocked by the leased line provider. After having a go at
> them, they finally reconfigured their routers and I am now able to create
> and update sites.
> 
> I have also got them open UDP port 259 and I have tested this by telneting
> to that port. When SecuRemote is activated and I try and access resources
> behind the firewall, I am obviusely presented with the login dialogue box
> and I get the following error:
> 
> No answer from firewall at x.x.x.x and I am not authenticated. 
> 
> The packet sniffer does not see any packets from the SecuRemote client,
> which means that they never reach my firewall and are dropped somewhere. I
> have analysed the packets on working SecuRemote setup and the packets show
> up as IP service 94 and IP service 17. Could someone explain this for me
> as the ISP doesn't know what is going wrong.
> 
> Best regaards and thks in advance.
> 
> MZ


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to