Re: Kerio PF 4 question

From: dkg_ctc (dontknowguilt_at_hotmail.com)
Date: 12/01/03


Date: 1 Dec 2003 17:47:37 GMT

John <john@john.com> wrote in
news:h7imsv80956cf433nlgjd6q0gadrvoevon@4ax.com:

> Running 4.0.8. I have a Watchguard Firebox 1000 on one of my
> networks, and in another state I have a Sonicwall Pro 300. I use
> the secure client software that came with the Watchguard to
> connect to both. The IP of the firewalls is in a trusted range,
> as are the internal addresses of the servers I use (both networks
> on different private subnets so each has its own entry in trusted
> networks).
>
> Now, generally when I activate the secure client VPN software, I
> just ping one of the internal resources to establish the VPN
> connection. The software shows the connection when the tunnel is
> established, and the command prompt goes from no reply to getting
> replies. Voilà, connection established.
>
> Now that I'm trying out Kerio, if I have it turned on, the tunnel
> will never get established, though the firewall software is set to
> allow traffic for the VPN software, as well as ping. So in order
> to establish the tunnel, I have to disable the firewall, ping,
> then turn the firewall back on. Once the tunnel is established,
> everything works fine (including the ping). Tunnel is functioning
> and not blocked by Kerio, nor is ping. Exchange server is
> reachable via Outlook, mapping drives, etc. All that I would
> expect to work is working fine. I just have to keep disabling the
> firewall to establish the tunnel even though the rules appear to
> be set fine; otherwise the same thing would fail after the tunnel
> is established and I turn the firewall back on.
>
> Any suggestions?

I would suggest disabling the IDS module of KPF4. It is overly
restrictive, and can quite often block legitimate traffic.


