Archived from groups: comp.security.firewalls,comp.dcom.vpn
Hi,
I have a static IP/ADSL line and use a Zyxel Prestige 643 router as the
modem/router+firewall. The router has NAT enabled and serves as the DHCP
server for my local LAN.
I am able to do almost everything except VPN out to my work place (we
use Nortel's Contivity VPN client).
I opened up port 500 (UDP) to allow ISAKMP traffic - this got me past
the first stage. A network trace revealed 3 packets being exchanged for
ISAKMP aggressive on srcport==dstport==500. The subsequent packet from
my machine seems to choose a random UDP port. I have seen port# between
1450-1700 being used. I think this is an IP packet encapsulated in UDP.
However, I never get a response back since that port is typically
blocked on my firewall. I continue to see ISAKMP informational packets
on port 500 but at about this point the VPN software gives up.
Has anyone encountered a similar problem?
Any suggestions on what I can do to get the traffic to pass through
without opening up my firewall?
Thanks,
~sri
srikantkt (at) REMOVE_SPAM gmail (dot) com