
Re: Soft-Pk VPN Client through firewall



Hi,

2 things to check: firewalling and NAT.

Firewall: open port udp 500, you'll only be able to have one client inside for that
same destination ip address (source and dst port for isakmp messages are udp 500).
Open protocol number 50 and 51 (layer 4 protocols, on top of IP).

NAT: You have to offer from the VPN client an identity which is the NAT'ed address and
not the internal address or the negotiation will fail.

All of this is about IPSec, I suppose this is what you talk about.

Hope that helps

JeF

On Fri, Mar 01, 2002 at 08:23:03AM +0100, Kalman Czibok wrote:
> Dear Sirs,
> 
> Let's see the following configuration.
> There is a Soft-Pk VPN box somewhere and there is a VPN client.
> The connection is working well between them. When I put the client
> behind a Debian firewall
> it doesn't work. :(
> 
>   internal network - VPN (server) |------------ internet  ------------------ | firewall --------- VPN client
> 
> Does anybody know which ports are necessary to enable on the firewall for
> it to work properly?
> I use ipmasqadm. Is the autofw option necessary to use?
> 
> Many thanks,
> 
> 
> Kalman.
> 
> 

-- 
-> Jean-Francois Dive
--> jef@linuxbe.org
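
The one-client limit mentioned in the reply above, as an added example that is not part of the original thread: a simplified model of a masquerading firewall that shows why a second inside client talking to the same VPN gateway cannot be told apart on return traffic. The class and function names are hypothetical, the addresses are constructed samples, and the model assumes the firewall leaves the ISAKMP source port at 500.

```python
# Added illustration: simplified model of a masquerading firewall, not real NAT code.
IKE_PORT = 500             # ISAKMP: UDP source and destination port are both 500
UDP, ESP, AH = 17, 50, 51  # IP protocol numbers


class IpsecMasqTable:
    """Tracks which inside client owns each IPsec flow towards a remote gateway."""

    def __init__(self):
        self.owners = {}  # key seen on return traffic -> inside client address

    @staticmethod
    def _key(proto, gateway):
        # After masquerading, replies carry only the gateway address, the
        # protocol and (for IKE) the fixed 500/500 port pair. Nothing in that
        # tuple identifies the inside client, so one key means one owner.
        if proto == UDP:
            return (UDP, gateway, IKE_PORT, IKE_PORT)
        return (proto, gateway)

    def outbound(self, client, gateway, proto):
        """Return True if this client's flow can be masqueraded unambiguously."""
        if proto not in (UDP, ESP, AH):
            raise ValueError("only IKE (UDP 500), ESP (50) and AH (51) are modelled")
        owner = self.owners.setdefault(self._key(proto, gateway), client)
        return owner == client

    def inbound(self, gateway, proto):
        """Return the inside client a reply is delivered to, or None if unknown."""
        return self.owners.get(self._key(proto, gateway))


def demo():
    # Constructed sample addresses (RFC 1918 / RFC 5737 ranges).
    nat = IpsecMasqTable()
    gw_a, gw_b = "192.0.2.10", "198.51.100.20"
    c1, c2 = "10.0.0.11", "10.0.0.12"
    return {
        "c1_ike_gw_a": nat.outbound(c1, gw_a, UDP),   # first client: accepted
        "c1_esp_gw_a": nat.outbound(c1, gw_a, ESP),
        "c2_ike_gw_a": nat.outbound(c2, gw_a, UDP),   # same gateway: collides
        "c2_ike_gw_b": nat.outbound(c2, gw_b, UDP),   # other gateway: accepted
        "reply_ike_gw_a": nat.inbound(gw_a, UDP),      # still delivered to c1
        "reply_esp_gw_b": nat.inbound(gw_b, ESP),      # no ESP flow recorded yet
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```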


