Dear Anubhav Shet,
I have found this article in the Advanced Knowledge Base from Check Point; I
hope this will help you to solve your problem.
What ports and services should be configured on other firewalls to allow
FireWall-1 services to pass from SecuRemote Clients to the SecuRemote
Server?
Solution ID: sk14617
Creation Date: 09/27/2002
Revised Date: 06/19/2003
Preferred Product: SecureClient
Latest Version: ngcompatibility
Category: Services
The information in this article applies to:
SecureClient NG FP3
SecuRemote NG FP3
VPN-1 NG
FireWall-1 NG
ports
services
Solution
If there are other firewalls along the path connecting the SecuRemote
Client (that performs the encryption) and the SecuRemote Server (the
VPN-1/FireWall-1 Module that performs the decryption), you should configure
the other firewalls to allow FW-1 services to pass from the SecuRemote
Client to the SecuRemote Server. You should allow the following services:
- TCP/264 (Topology Download)
- IKE
- IPSEC and IKE (UDP on port 500)
- IPSEC ESP (IP type 50)
- IPSEC AH (IP type 51)
- TCP/500 (if using IKE over TCP)
- UDP 2746 or another port (if using UDP encapsulation)
SecureClient specific connections:
- FW1_scv_keep_alive (UDP port 18233) - used for SCV keep-alive packets
- FW1_pslogon_NG (TCP port 18231) - used for SecureClient's logon to Policy
Server protocol
- FW1_sds_logon (TCP port 18232) - used for SecureClient's Software
Distribution Server download protocol
- tunnel_test (UDP port 18234) - used by Check Point tunnel testing
application
Best Regards,
Juan
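
Added example, not part of Juan's message or the Check Point article: a small Python check that reads a Cisco-style extended ACL and reports which of the services listed above are still blocked, which catches the common case where UDP 500 is opened but ESP and AH (IP protocols, not ports) are forgotten. The gateway address, the ACL and the function names are constructed for illustration; only `permit <proto> any host <gateway> [eq|range ...]` lines are understood, and `deny` ordering is ignored.

```python
import re

# Services from the article: (name, IP protocol, destination port or None).
BASE = [("Topology Download", "tcp", 264), ("IKE", "udp", 500),
        ("IPSEC ESP", "50", None), ("IPSEC AH", "51", None)]
SECURECLIENT = [("FW1_scv_keep_alive", "udp", 18233), ("FW1_pslogon_NG", "tcp", 18231),
                ("FW1_sds_logon", "tcp", 18232), ("tunnel_test", "udp", 18234)]
CONDITIONAL = {"ike_over_tcp": ("IKE over TCP", "tcp", 500),
               "udp_encap": ("UDP encapsulation", "udp", 2746)}

# Keywords IOS prints in place of numbers.
PROTO = {"esp": "50", "ahp": "51", "ip": "any"}
PORT = {"isakmp": 500}
RULE = re.compile(r"^\s*permit\s+(\S+)\s+any\s+host\s+(\S+)(?:\s+(eq|range)\s+(.+?))?\s*$")

def allows(acl_text, gateway, proto, port):
    """True if some permit line lets proto/port reach the gateway."""
    for line in acl_text.splitlines():
        m = RULE.match(line)
        if not m or m.group(2) != gateway:
            continue
        p = PROTO.get(m.group(1), m.group(1))
        if p not in ("any", proto):
            continue
        if port is None or m.group(3) is None:
            return True  # portless protocol (ESP/AH), or rule covers every port
        nums = [PORT.get(t, int(t) if t.isdigit() else -1) for t in m.group(4).split()]
        if m.group(3) == "eq" and port in nums:
            return True
        if m.group(3) == "range" and len(nums) == 2 and nums[0] <= port <= nums[1]:
            return True
    return False

def missing(acl_text, gateway, secureclient=True, ike_over_tcp=False, udp_encap=False):
    """Names of the article's services that the ACL does not permit."""
    wanted = BASE + (SECURECLIENT if secureclient else [])
    wanted += [CONDITIONAL[k] for k, on in
               (("ike_over_tcp", ike_over_tcp), ("udp_encap", udp_encap)) if on]
    return [name for name, proto, port in wanted
            if not allows(acl_text, gateway, proto, port)]

GATEWAY = "192.0.2.10"  # constructed documentation address
SAMPLE_ACL = """ip access-list extended VPN-IN
 permit udp any host 192.0.2.10 eq isakmp
 permit tcp any host 192.0.2.10 eq 264
 permit tcp any host 192.0.2.10 range 18231 18232
 permit udp any host 192.0.2.10 eq 18233"""  # constructed sample ACL

if __name__ == "__main__":
    print(missing(SAMPLE_ACL, GATEWAY))
```
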
From: Anubhav Shet <seckid_79 AT YAHOO.CO DOT UK>
Sent by: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST AT AMADEUS.US DOT CHECKPOINT.COM>
Date: 21/11/2003 09:41
Please respond to Mailing list for discussion of Firewall-1
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
cc:
Subject: [FW-1] Ports to be opened for Vpn connection
Hello,
Could anyone tell me what ports I need to open on my Cisco router to
establish a VPN connection from a client machine (SecureClient NG FP3) to a
Check Point firewall (NG FP3)?
Thanks in advance.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================