• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: CP SecuRemote Client can't get out

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> VPN >> RE: CP SecuRemote Client can't get out Page: <<   < prev  1 [2]
Login
Message << Older Topic   Newer Topic >>
RE: CP SecuRemote Client can't get out - 13.Nov.2003 8:07:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Trevor,

disable the Firewall client before using the VPN client. For more info, check out my article http://www.isaserver.org/articles/IPSec_Passthrough.html .

HTH,
Stefaan

(in reply to wdPatterson)
Post #: 21
RE: CP SecuRemote Client can't get out - 13.Nov.2003 11:32:00 PM   
kbs

 

Posts: 178
Joined: 1.Feb.2002
From: Silkeborg, Denmark
Status: offline
Will this solution only be possible with Windows 2003 Server running ISA 2000 ?

I have a windows 2000 server running ISA 2000.

(in reply to wdPatterson)
Post #: 22
RE: CP SecuRemote Client can't get out - 14.Nov.2003 7:17:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi KB,

to pass IPSec NAT-T traffic through ISA server you do *not* need to run ISA onto W2K3. Only if ISA is the VPN endpoint and you want the benefits of IPSec NAT-T, then you must run ISA onto W2K3.

HTH,
Stefaan

(in reply to wdPatterson)
Post #: 23
RE: CP SecuRemote Client can't get out - 13.Apr.2005 5:50:00 PM   
Guest
nat_k@hotmail.com [Mad]

(in reply to wdPatterson)
  Post #: 24
RE: CP SecuRemote Client can't get out - 27.Jun.2005 4:13:00 PM   
Guest
Does it works fine?

quote:
Originally posted by wdPatterson:
How do I configure ISA to allow CheckPoint's SecuRemote Client out through ISA?

This is the KB article that CheckPoint publishes. Like everything else, it is maddeningly incomplete.
---------------------------------------------
...you should configure the other firewalls to allow FW-1 services to pass from the SecuRemote Client to the SecuRemote Server. You should allow the following services:
- IKE
- IPSEC and IKE (UDP on port 500)
- IPSEC ESP (IP type 50)
- IPSEC AH (IP type 51)
- TCP/500 (if using IKE over TCP)
- UDP 2746 or another port (if using UDP encapsulation)
- SecureClient connections
- FW1_scv_keep_alive (UDP port 18233) used for SCV keep-alive packets
- FW1_pslogon_NG (TCP port 18231) used for SecureClient's logon to Policy Server protocol
- FW1_sds_logon (TCP port 18232) used for SecureClient's Software Distribution Server download protocol
---------------------------------------
How do you configure IKE? Should there be a packet filter? Bidirectional? Please help!

Bill


(in reply to wdPatterson)
  Post #: 25
RE: CP SecuRemote Client can't get out - 25.Jun.2009 1:16:29 PM   
mattgoldman

 

Posts: 1
Joined: 25.Jun.2009
Status: offline
Sorry, I know this is an old thread.

I have tried the NAT-T solutions but they don't seem to work. I have set the following in the firewall policy:

UDP 500 send-receive
IP-level 51 send-receive
IP-level 50 send-receive
UDP 4500 send-receive
UDP 2746 send-receive
TCP 264 outbound

I have also set some other ports but I think they are specific to this implementation. Does anyone know the exact settings that should be enabled on the client?

any advice would be appreciated.

Thanks

Matt

< Message edited by mattgoldman -- 25.Jun.2009 1:17:47 PM >

(in reply to wdPatterson)
Post #: 26

Page:   <<   < prev  1 [2] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> VPN >> RE: CP SecuRemote Client can't get out Page: <<   < prev  1 [2]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts