Firewall Wizards mailing list archives
RE: IPSEC behind 5XT
From: "Ben Nagy" <ben () iagu net>
Date: Fri, 29 Aug 2003 10:29:23 +0200
Question one 'is are you using NAT?'. That can complicate things. Overall, I would make sure you aren't using NAT, and then make sure that your Netscreen is properly passing the traffic on the 'other' IP Protocols. You need GRE (47) for PPTP and ESP and AH (50 and 51) for IPSec. You can check this using traceroute with hping, and the --ipproto option. If the basic connectivity tests work out then it could be some weird in-protocol VPN chicanery, but it doesn't smell like it. I'd like to be more help, but there's really not enough info at this stage. Cheers, ben
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Clark, Steve Sent: Friday, August 29, 2003 12:09 AM To: firewall-wizards () honor icsalabs com Good afternoon, I am trying to figure out how to configure a 5XT to allow other company's remote VPN products to pass thru a 5XT. Two situations: 1. SSH Sentinel connecting to a Linksys VPN - remove the NS from in between and the VPN works fine. Put SSH Sentinel behind the NS 5XT in route mode and the VPN will not build. The logs from SSH indicate: Retransmitting packet, retries = 5. First I thought it was the Linksys VPN, but... 2. PPTP VPN on a XP laptop - outside the NS, works fine, behind the NS, same issue - will not build a tunnel to a different company's VPN router. Have called NS support and they look at debug and say all is well - however, still can't connect and I don't think 2 company's devices are failing ONLY on me. NS 5XT in route mode on OS 4.0.0r8 Any ideas of where to look or what direction to go? TIA Steve
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- IPSEC behind 5XT Clark, Steve (Aug 28)
- RE: IPSEC behind 5XT Ben Nagy (Aug 29)