Re: Checkpoint SecureClient with 3.2 Gateway
From: erik (erik_at_geenspam.vanwesten.net)
Date: 05/06/03
Date: Tue, 06 May 2003 02:35:40 +0200
Rodrick Brown wrote:
> anyone here know if it's possible to get checkpoint secure remote
> client working with 3.2 ?? I have tried reading the faqs at
> phoneboy.com with no success am I able to get this VPN client working.
>
> Here is some configs from my pf.conf file if anyone know if it's
> possible to get this working please let me know thanks..
>
> My client software is SecureClient 4.1 SP-5 3DES 4200
> running on windows XP.
>
> rdr on $ExtIF proto esp from any to any -> 10.0.0.7
> rdr on $ExtIF proto udp from any to any port 500 -> 10.0.0.7 port 500
> pass in quick on $ExtIF proto esp from $DOITTVPN to any keep state
> pass out quick on $ExtIF proto esp from any to $DOITTVPN keep state

Wrong. You only need to nat and permit the traffic to the outside
keeping state. The connection is (hopefully) initiated by your client
software, and _not_ the server. I successfully set up a connection for a
customer (albeit from a linux firewall) using (translated to pf):

pass in quick on $internalif inet proto udp from $here port = 500 to \
$there port = 500 keep state
pass in quick on $internalif inet proto esp from $here to $there \
keep state
pass out quick on $ExtIF all

or something similar (the firewall used is _very_ restrictive). With the
usual open from the inside firewalls you only need to make sure esp is
also included.

HTH,
EJ
-- Remove the obvious part (including the dot) for my email address
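
The approach described in the reply above, as an added pf.conf sketch that is not part of the original thread: the inbound rdr rules from the question are set beside client-initiated NAT plus stateful pass rules. The interface names, the external address and the gateway address are constructed placeholders; only 10.0.0.7 and the macro names come from the thread, and the separate nat rule follows the older pf syntax the thread uses.

```pf
# Added example, not from the original posts. All values except 10.0.0.7
# are constructed placeholders (documentation address ranges).
ExtIF      = "fxp0"          # assumption: external interface
internalif = "fxp1"          # assumption: internal interface
ExtAddr    = "198.51.100.2"  # assumption: firewall's external address
here       = "10.0.0.7"      # VPN client behind the firewall (from the question)
there      = "192.0.2.10"    # assumption: remote Check Point gateway

# From the question, not needed when the client initiates the tunnel.
# These forward IKE and ESP from any Internet source to the internal host:
#   rdr on $ExtIF proto esp from any to any -> 10.0.0.7
#   rdr on $ExtIF proto udp from any to any port 500 -> 10.0.0.7 port 500

# Translate only the client's traffic towards the VPN gateway.
nat on $ExtIF from $here to $there -> $ExtAddr

# Default deny; "quick" rules below match before this takes effect.
block all

# IKE (udp/500) and ESP from the client, entering on the inside interface.
pass in  quick on $internalif inet proto udp from $here port 500 \
    to $there port 500 keep state
pass in  quick on $internalif inet proto esp from $here to $there keep state

# The same flows leaving on the outside interface (source is now $ExtAddr).
# State entries admit the gateway's replies, so no inbound rule is needed.
pass out quick on $ExtIF inet proto udp from $ExtAddr to $there port 500 keep state
pass out quick on $ExtIF inet proto esp from $ExtAddr to $there keep state
```

ESP has no port numbers, so a setup like this carries one internal client per remote gateway behind a single external address.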