Welcome to ISAserver.org

CheckPoint VPN-1 SecuRemote

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> CheckPoint VPN-1 SecuRemote

Page: [1]

Message

<< Older Topic Newer Topic >>

CheckPoint VPN-1 SecuRemote - 24.May2006 3:58:29 PM

lomaree

Posts: 14
Joined: 6.Sep.2003
Status: offline

Hi All,

Having problem in trying to get the check point SecuRemote VPN software, i have already enable the following ports in the ISA 2004 but still the client are unable to establish the connection, any help would be really helpfull..

1. TCP Port 264 Outbound
2. UDP Port 500 - IKE Key Negotiation SendRecevie
3. IP Protocol 50 - IPSec (ESP)
4. UDP Port 2746 - Send Recevie

even after this the client does not connect and on the ISA monitoring i don't see anything coming from client IP address to where the connection needs to be established. i hope my question is clear.

Post #: 1

Featured Links*

RE: CheckPoint VPN-1 SecuRemote - 24.May2006 8:34:01 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi lomaree,

a good starting point is the article http://www.isaserver.org/articles/IPSec_Passthrough.html.

HTH,
Stefaan

(in reply to lomaree)

Post #: 2

RE: CheckPoint VPN-1 SecuRemote - 25.May2006 12:44:02 PM

lomaree

Posts: 14
Joined: 6.Sep.2003
Status: offline

read it already and have the ports on the ISA 2004 as following

18234 TCP (Outbound - Primary Connection ISA 2004)
264 TCP (Outbound - Primary Connection ISA 2004)
259 UDP (Send Recevie)
2746 UDP (Send Recevie)
1213 UDP (Send Recevie)
2746 TCP (Outbound - Primary Connection ISA 2004)
500 UDP (IKE Client Send Recevie)

(in reply to spouseele)

Post #: 3

RE: CheckPoint VPN-1 SecuRemote - 25.May2006 1:50:35 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi lomaree,

as far as I know, all recent versions of the Checkpoint software (Firewall/VPN and SecureRemote) do support the IETF IPSec NAT-T RFC's. However, if you are stuck with some older versions, the ISA logging should tell you what connections are being blocked. Of course I assume here that you have disabled the Firewall client and Proxy settings IE, and that the host is configured as SecureNAT client in order to get the SecureRemote VPN software working in the first place.

HTH,
Stefaan

(in reply to lomaree)

Post #: 4

RE: CheckPoint VPN-1 SecuRemote - 25.May2006 2:39:34 PM

lomaree

Posts: 14
Joined: 6.Sep.2003
Status: offline

quote:

I assume here that you have disabled the Firewall client and Proxy settings IE, and that the host is configured as SecureNAT client in order to get the SecureRemote VPN software working in the first place.

Hi spouseele,

I am sorry i did not understand what you are asking me here?

Firewall client , yes i have because i have custom protocols, if not then how do i enable the Firewall client as well as custom protocols in a rule.

(in reply to spouseele)

Post #: 5

RE: CheckPoint VPN-1 SecuRemote - 25.May2006 6:23:44 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi lomaree,

I strongly suggest you read and re-read and ... my article http://www.isaserver.org/articles/IPSec_Passthrough.html, particular section '4. Configuring ISA Clients'.

It is extremely important that you first disable the Firewall client and the IE proxy settings and then try to establish the VPN connection. Once it is working with that configuration, you can start thinking how to fine tune the Firewall and Web Proxy client configuration. Again, all details are in my article. I can't stress it enough, understanding how the different ISA clients work is the key to the solution.

HTH,
Stefaan

(in reply to lomaree)

Post #: 6