Hi,

I'm having some problems using PF in 3.3-current (i386) with SecuRemote.
I can authenticate with the server, but after that I can't interact with the remote VPN.


These are my rules (Checkpoint related):

nat on $external inet proto { tcp, udp, esp, icmp, gre } from $wireless:network port = 500 to $checkpoint -> ($external) port 500
nat on $external inet proto { tcp, udp, esp, icmp, gre } from $internal:network port = 500 to $checkpoint -> ($external) port 500


pass out quick on $external proto { icmp, tcp, udp, esp, gre } from any to $checkpoint keep state queue (q_def, q_pri)
pass in quick on $external proto { icmp, tcp, udp, esp, gre } from $checkpoint to any keep state queue (q_def, q_pri)



$ sudo tcpdump -i tun0 host 213.63.x.xx
tcpdump: listening on tun0
23:38:49.453546 213.63.1.5.62777 > 213.63.x.xx.isakmp: isakmp v1.0 exchange ID_PROT
cookie: b9422eae22c5187d->0000000000000000 msgid: 00000000 len: 316
23:38:49.590017 213.63.x.xx.isakmp > 213.63.1.5.62777: isakmp v1.0 exchange ID_PROT
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 00000000 len: 132
23:38:49.711880 213.63.1.5.62777 > 213.63.x.xx.isakmp: isakmp v1.0 exchange ID_PROT
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 00000000 len: 220
23:38:49.780021 213.63.x.xx.isakmp > 213.63.1.5.62777: isakmp v1.0 exchange ID_PROT
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 00000000 len: 184
23:38:49.902374 213.63.1.5.62777 > 213.63.x.xx.isakmp: isakmp v1.0 exchange ID_PROT encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 00000000 len: 76
23:38:49.982099 213.63.x.xx.isakmp > 213.63.1.5.62777: isakmp v1.0 exchange ID_PROT encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 00000000 len: 924
23:38:50.086102 213.63.x.xx.isakmp > 213.63.1.5.62777: isakmp v1.0 exchange ID_PROT encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 00000000 len: 924
23:38:50.250091 213.63.x.xx.isakmp > 213.63.1.5.62777: isakmp v1.0 exchange ID_PROT encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 00000000 len: 924
23:38:50.474978 213.63.x.xx.isakmp > 213.63.1.5.62777: isakmp v1.0 exchange TRANSACTION encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 4e7c3949 len: 76
23:38:50.593353 213.63.1.5.62777 > 213.63.x.xx.isakmp: isakmp v1.0 exchange TRANSACTION encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 4e7c3949 len: 92
23:38:50.689954 213.63.x.xx.isakmp > 213.63.1.5.62777: isakmp v1.0 exchange TRANSACTION encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 4e7c3949 len: 92
23:38:50.723572 213.63.1.5.62777 > 213.63.x.xx.isakmp: isakmp v1.0 exchange TRANSACTION encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 4e7c3949 len: 92
23:38:50.775972 213.63.x.xx.isakmp > 213.63.1.5.62777: isakmp v1.0 exchange TRANSACTION encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 4e7c3949 len: 140
23:38:50.815847 213.63.1.5.62777 > 213.63.x.xx.isakmp: isakmp v1.0 exchange TRANSACTION encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 4e7c3949 len: 76
23:38:50.913504 213.63.1.5.62777 > 213.63.x.xx.isakmp: isakmp v1.0 exchange TRANSACTION encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 4e7c3949 len: 76
23:38:51.013627 213.63.1.5.62777 > 213.63.x.xx.isakmp: isakmp v1.0 exchange TRANSACTION encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 4e7c3949 len: 76
23:38:51.416026 213.63.1.5.62777 > 213.63.x.xx.isakmp: isakmp v1.0 exchange QUICK_MODE encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 4f1e6115 len: 492
23:38:51.498961 213.63.x.xx.isakmp > 213.63.1.5.62777: isakmp v1.0 exchange QUICK_MODE encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 4f1e6115 len: 172
23:38:51.637794 213.63.1.5.62777 > 213.63.x.xx.isakmp: isakmp v1.0 exchange QUICK_MODE encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 4f1e6115 len: 60
23:38:51.754919 213.63.1.5.62777 > 213.63.x.xx.isakmp: isakmp v1.0 exchange QUICK_MODE encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 4f1e6115 len: 60
23:38:51.854997 213.63.1.5.62777 > 213.63.x.xx.isakmp: isakmp v1.0 exchange QUICK_MODE encrypted
cookie: b9422eae22c5187d->80ebb129e0b04017 msgid: 4f1e6115 len: 60
23:38:51.935129 213.63.1.5.59506 > 213.63.x.xx.2746: udp 92
23:38:53.737657 213.63.1.5.59506 > 213.63.x.xx.2746: udp 92
23:38:58.744841 213.63.1.5.59506 > 213.63.x.xx.2746: udp 92
23:39:01.828539 213.63.x.xx.2746 > 213.63.1.5.59506: udp 116
23:39:01.831709 213.63.1.5.59506 > 213.63.x.xx.2746: udp 116
23:39:03.475467 213.63.x.xx.2746 > 213.63.1.5.59506: udp 116
23:39:03.478477 213.63.1.5.59506 > 213.63.x.xx.2746: udp 116
23:39:05.694389 213.63.x.xx.2746 > 213.63.1.5.59506: udp 116
23:39:05.697305 213.63.1.5.59506 > 213.63.x.xx.2746: udp 116
23:39:09.218359 213.63.1.5.59506 > 213.63.x.xx.2746: udp 92
23:39:12.996091 213.63.x.xx.2746 > 213.63.1.5.59506: udp 100
23:39:12.998979 213.63.1.5.59506 > 213.63.x.xx.2746: udp 92
23:39:12.999205 213.63.x.xx.2746 > 213.63.1.5.59506: udp 100
23:39:13.001504 213.63.1.5.59506 > 213.63.x.xx.2746: udp 92
23:39:13.804047 213.63.x.xx.2746 > 213.63.1.5.59506: udp 100
23:39:13.806691 213.63.1.5.59506 > 213.63.x.xx.2746: udp 92
23:39:13.807087 213.63.x.xx.2746 > 213.63.1.5.59506: udp 100
23:39:13.809396 213.63.1.5.59506 > 213.63.x.xx.2746: udp 92
23:39:14.266966 213.63.1.5.59506 > 213.63.x.xx.2746: udp 92
23:39:15.406999 213.63.x.xx.2746 > 213.63.1.5.59506: udp 100
23:39:15.409660 213.63.1.5.59506 > 213.63.x.xx.2746: udp 92
23:39:15.410088 213.63.x.xx.2746 > 213.63.1.5.59506: udp 100
23:39:15.412447 213.63.1.5.59506 > 213.63.x.xx.2746: udp 92
23:39:19.274152 213.63.1.5.59506 > 213.63.x.xx.2746: udp 92
23:39:26.254626 213.63.1.5.59506 > 213.63.x.xx.2746: udp 84
23:39:29.188249 213.63.1.5.59506 > 213.63.x.xx.2746: udp 84
23:39:35.196867 213.63.1.5.59506 > 213.63.x.xx.2746: udp 84


I've tried every option in "Advanced IKE Settings".

Any thoughts?
Thanks.


Regards,
Pedro
