RE: Nortel Contivity VPN and Firewalls

From: Rudiger Lenz (rlenz_at_upandrun.de)
Date: 08/18/03

    To: "Peter Van Eeckhoutte" <peter.ve@pandora.be>, <Leonard.Ong@nokia.com>, "SecurityBasics" <security-basics@securityfocus.com>
    Date: Mon, 18 Aug 2003 14:38:14 +0200
    
    

    Just one comment: if you use NAT-T (NAT traversal), or rather if the client
    and GW decide that NAT-T has to be used, you also need to open the higher UDP
    ports, i.e. 4500 or whatever is configured on the GW. Or, if you force it,
    then you need only UDP 500 and 4500 etc., no ESP or AH (IP 50/51), because
    even the ESP packets will travel via the NAT-T UDP port, i.e. 4500.

    hope this helps

    -----Original Message-----
    From: Peter Van Eeckhoutte [mailto:peter.ve@pandora.be]
    Sent: Friday, 15 August 2003 13:49
    To: Leonard.Ong@nokia.com; SecurityBasics
    Subject: Re: Nortel Contivity VPN and Firewalls

    I don't think you need TCP 57... only UDP 500, and IP protocol 50 and/or 51
    (depending on whether you are using ESP (I think that is the default setting
    with Nortel) or AH).

    ----- Original Message -----
    From: <Leonard.Ong@nokia.com>
    To: <Henry.Won@jda.com>; <security-basics@securityfocus.com>
    Sent: Thursday, August 14, 2003 5:26 AM
    Subject: RE: Nortel Contivity VPN and Firewalls

    Hello All,

    Thanks for your inputs on allowing Nortel VPN. Basically the simplified
    version would be:

    Host in Extranet -> Firewall -> Internet -> Nortel VPN Gateway

    Now, we need to have the correct ports open on the Firewall. From the inputs
    I've received so far:
    a. UDP 500
    b. IP Protocol 50
    c. TCP 57

    Did I miss something?

    Regards,
    Leonard

    > -----Original Message-----
    > From: ext Henry Won [mailto:Henry.Won@jda.com]
    > Sent: Thursday, August 14, 2003 12:13 AM
    > To: Ong Leonard (NBI/Singapore); security-basics@securityfocus.com
    > Subject: RE: Nortel Contivity VPN and Firewalls
    >
    >
    > Assuming your clients are trying to connect to a Contivity box outside the
    > firewall, you probably need to map global IP to local IP for whoever is
    > trying to connect, as well as allowing inbound ESP.
    >
    > Henry
    >

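As an added example (not code from the thread or from Nortel), the following Python sketch classifies IPsec traffic the way the firewall rules above must distinguish it, using the RFC 3948 non-ESP marker to tell IKE on UDP 4500 from UDP-encapsulated ESP, and derives the minimal allow-list for the plain-IPsec and NAT-T cases; the packet records are constructed.

```python
# Added example (not from the thread): classify IPsec traffic as a firewall sees it
# and derive the minimal allow-list for each mode. Packet records are constructed.
IKE_PORT, NATT_PORT = 500, 4500
PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: IKE on UDP 4500 is prefixed with this

def classify(proto, dport, payload):
    """Name the IPsec component a packet belongs to.
    proto: IP protocol number; dport: UDP destination port (0 if not UDP);
    payload: UDP payload bytes (ignored for raw ESP/AH)."""
    if proto == PROTO_ESP:
        return "esp"
    if proto == PROTO_AH:
        return "ah"
    if proto == PROTO_UDP:
        if dport == IKE_PORT:
            return "ike"
        if dport == NATT_PORT:
            if payload == b"\xff":               # one-byte NAT keepalive
                return "natt-keepalive"
            if payload[:4] == NON_ESP_MARKER:    # IKE moved to 4500 after NAT detection
                return "ike-natt"
            if len(payload) >= 8:                # otherwise bytes 0-3 are a non-zero ESP SPI
                return "esp-natt"                # ESP riding inside UDP, as the reply says
    return "other"

def required_rules(nat_t, use_ah=False):
    """Minimal inbound allow-list toward the VPN gateway for the chosen mode."""
    rules = {("udp", IKE_PORT)}
    if nat_t:
        rules.add(("udp", NATT_PORT))   # IKE and ESP both ride on 4500; no IP 50/51 needed
    else:
        rules.add(("ip", PROTO_ESP))
        if use_ah:
            rules.add(("ip", PROTO_AH))
    return rules

def audit(rules, packets):
    """Map each sample packet's class to whether the rule set passes it."""
    return {classify(p, d, pl): (("udp", d) if p == PROTO_UDP else ("ip", p)) in rules
            for p, d, pl in packets}

SAMPLE_PACKETS = [  # constructed (proto, dport, payload) records
    (PROTO_UDP, 500, b"\x11" * 28),                        # plain IKE
    (PROTO_UDP, 4500, NON_ESP_MARKER + b"\x11" * 28),      # IKE after NAT-T kicks in
    (PROTO_UDP, 4500, b"\x00\x00\x12\x34" + b"\x00" * 8),  # UDP-encapsulated ESP, SPI 0x1234
    (PROTO_UDP, 4500, b"\xff"),                            # NAT keepalive
    (PROTO_ESP, 0, b""),                                   # raw ESP (IP protocol 50)
]
```

Running `audit(required_rules(nat_t=False), SAMPLE_PACKETS)` shows raw ESP passing but the NAT-T encapsulated ESP being dropped, which is the gap the first reply in the thread points out.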