Re: ISA and Checkpoint NG VPN Client

From: Ray (reply_in_at_newsgroup.only)
Date: 05/26/04

    Date: Wed, 26 May 2004 16:02:15 -0400
    
    

    SecuRemote & SecureClient specific connections:
    - TCP/264 (Topology Download)
    - IKE
    - IPSEC and IKE (UDP on port 500)
    - IPSEC ESP (IP type 50)
    - IPSEC AH (IP type 51)
    - TCP/500 (if using IKE over TCP)
    - UDP 2746 or another port (if using UDP encapsulation)

    SecureClient specific connections:
    - FW1_scv_keep_alive (UDP port 18233) - used for SCV keep-alive packets
    - FW1_pslogon_NG (TCP port 18231) - used for SecureClient's logon to Policy Server protocol
    - FW1_sds_logon (TCP port 18232) - used for SecureClient's Software Distribution Server download protocol
    - tunnel_test (UDP port 18234) - used by Check Point tunnel testing application

    It would be easier for the Check Point end to enable "Visitor Mode" which
    encapsulates IPSec in a TCP 443 SSL connection.

    Ray

    "Chris Hart" <chart67@hotmail.com> wrote in message
    news:122d601c44278$3c8a6cb0$a001280a@phx.gbl...
    > Hi,
    >
    > Does anyone know what tcp/udp ports should be enabled for
    > an NG VPN Client to work from behind an ISA firewall.
    >
    > Currently, the only way we can attach to a remote
    > system using the Checkpoint client is by plugging the PC
    > directly into the router, bypassing the server.
    >
    > Any help would be greatly appreciated.
    >
    > Thanks,
    > Chris
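
One way to check an outbound rule set against the port list in the reply above, as an added example that is not part of the original thread. The rule syntax, the first-match/default-deny evaluation, the `in_use` condition names and `SAMPLE_RULES` are assumptions made for illustration and do not model ISA Server's own rule engine.

```python
# Added example: audit an egress rule set against the port list in the reply.
# The rule syntax ("allow|deny proto port[-port]", first match wins, default
# deny) and SAMPLE_RULES are constructed for illustration.

# (service, protocol, port or IP protocol number, condition under which needed)
REQUIRED = [
    ("Topology download",  "tcp", 264,   "always"),
    ("IKE",                "udp", 500,   "always"),
    ("IPSEC ESP",          "ip",  50,    "always"),
    ("IPSEC AH",           "ip",  51,    "always"),
    ("IKE over TCP",       "tcp", 500,   "ike_over_tcp"),
    ("UDP encapsulation",  "udp", 2746,  "udp_encap"),   # "or another port"
    ("FW1_scv_keep_alive", "udp", 18233, "secureclient"),
    ("FW1_pslogon_NG",     "tcp", 18231, "secureclient"),
    ("FW1_sds_logon",      "tcp", 18232, "secureclient"),
    ("tunnel_test",        "udp", 18234, "secureclient"),
]
VISITOR_MODE = ("tcp", 443)  # IPSec encapsulated in an SSL connection

def parse_rule(line):
    """Parse 'allow tcp 18231-18232' into (action, proto, low, high)."""
    action, proto, ports = line.split()
    lo, _, hi = ports.partition("-")
    return action, proto, int(lo), int(hi or lo)

def allowed(rules, proto, number):
    for action, r_proto, lo, hi in rules:
        if r_proto == proto and lo <= number <= hi:
            return action == "allow"   # first matching rule decides
    return False                       # nothing matched: default deny

def audit(rule_lines, in_use=("secureclient",)):
    """Return the services the rule set does not pass for the features in use."""
    rules = [parse_rule(l) for l in rule_lines if l.strip()]
    missing = [name for name, proto, num, cond in REQUIRED
               if (cond == "always" or cond in in_use)
               and not allowed(rules, proto, num)]
    return {"missing": missing,
            "visitor_mode_reachable": allowed(rules, *VISITOR_MODE)}

# Constructed sample: a typical web-only egress policy plus partial VPN rules.
SAMPLE_RULES = ["allow tcp 80", "allow tcp 443", "allow udp 500",
                "deny tcp 18232", "allow tcp 18231-18232"]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```
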

