Re: Sonicwall firewall blocking isakmp of competing product's VPN client?
From: Don Kelloway (dkelloway_at_commodon.com)
Date: Fri, 11 Jun 2004 03:59:12 GMT
"arabub" <email@example.com> wrote in message
> Lots of our users can connect to our Astaro VPN gateway ("gateway")
> from workstations that are located behind firewalls that perform PAT.
> We are using SSH's Sentinel VPN client, using isakmp/IPSEC.
> There is one user who can successfully connect from her laptop when at
> home where she has a consumer grade firewall. When she is at work,
> however, where she is behind a SonicWall firewall, she cannot connect
> to our gateway.
> I looked at the traffic that arrives at the gateway when a VPN is
> initiated, by running tcpdump on the Astaro VPN gateway, and found
> that there is absolutely no traffic arriving at the gateway when she
> tries to establish a VPN from behind the SonicWall firewall!
> Is this a known problem ("feature") of the SonicWall?
> Could it be that SonicWall filters out isakmp packets?
I believe the SonicWALL firewall is configured (by default) to block UDP
port 500. To add it to the policy should be rather easy as it's
predefined as 'Key Exchange (IKE)'.
--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security on the Internet".