XPost: comp.security.firewalls   
   From: somon@here.invalid   
      
   "."  wrote in message   
   news:419867AB.5090307@junkmail.com...   
   | Hi,   
   |   
   | I have a static IP/ADSL line and use a Zyxel Prestige 643 router as   
   the   
   | modem/router+firewall. The router has NAT enabled and serves as the   
   DHCP   
   | server for my local LAN.   
   | I am able to do almost everything except VPN out to my work place (we   
   | use Nortel's Contivity VPN client).   
   | I opened up port 500 (UDP) to allow ISAKMP traffic - this got me past   
   | the first stage. A network trace revealed 3 packets being exchanged   
   for   
   | ISAKMP aggressive on srcport==dstport==500. The subsequent packet from   
   | my machine seems to choose a random UDP port. I have seen port#   
   between   
   | 1450-1700 being used. I think this is an IP packet encapsulated in   
   UDP.   
   | However, I never get a response back since that port is typically   
   | blocked on my firewall. I continue to see ISAKMP informational packets   
   | on port 500 but at about this point the VPN software gives up.   
   |   
   | Has anyone encountered a similar problem ?   
   | Any suggestions on what I can do to get the traffic to pass through   
   with   
   | out opening up my firewall.   
      
   There is no need to open any port for Contivity VPN.  If your router   
   supports VPN pass through then that should be enough.  You should check   
   with your work IT.  The VPN switch needs to authenticate you then it'll   
   issue the ip from the server, maybe this is were the problem is.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)