XPost: comp.security.firewalls   
   From: dontspamme@junkmail.com   
      
   Hi,   
      
   I have a static IP/ADSL line and use a Zyxel Prestige 643 router as the   
   modem/router+firewall. The router has NAT enabled and serves as the DHCP   
   server for my local LAN.   
   I am able to do almost everything except VPN out to my work place (we   
   use Nortel's Contivity VPN client).   
   I opened up port 500 (UDP) to allow ISAKMP traffic - this got me past   
   the first stage. A network trace revealed 3 packets being exchanged for   
   ISAKMP aggressive on srcport==dstport==500. The subsequent packet from   
   my machine seems to choose a random UDP port. I have seen port# between   
   1450-1700 being used. I think this is an IP packet encapsulated in UDP.   
   However, I never get a response back since that port is typically   
   blocked on my firewall. I continue to see ISAKMP informational packets   
   on port 500 but at about this point the VPN software gives up.   
      
   Has anyone encountered a similar problem ?   
   Any suggestions on what I can do to get the traffic to pass through with   
   out opening up my firewall.   
      
   Thanks,   
   ~sri   
      
   srikantkt (at) REMOVE_SPAM gmail (dot) com   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)