VPN Not Working

Secure Home | Search | About

Lost Password?

Networking Firewalls

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Subject

Author

Date

VPN Not Working

Mr_Huang

08-27-2007

Re: VPN Not Working

VANHULLEBUS Yva...

Mr_Huang

Mr_Huang

Remien, Carsten

Posted by Mr_Huang on August 27, 2007, 3:32 am

If you were Registered and logged in, you could reply and use other advanced thread options

Dear guru,
I'm pretty new to NS, we have configured the Lan-to-lan VPN as per the
instruction in the manual, however, the tunnel failed and inactive by
"get sa". Wondering it would be blocked by the ISP-router, we have
asked our ISP to open the "VPN" ports. we are using g2-esp-3des-sha
for P2 and Pre-g2-3des-sha for P1.

What ports are required on my router to allow such connection.
udp/500 for ipsec?

Any ideas?

Posted by VANHULLEBUS Yvan on August 27, 2007, 4:17 am

If you were Registered and logged in, you could reply and use other advanced thread options

> Dear guru,

> I'm pretty new to NS, we have configured the Lan-to-lan VPN as per the

> instruction in the manual, however, the tunnel failed and inactive by

> "get sa". Wondering it would be blocked by the ISP-router, we have

> asked our ISP to open the "VPN" ports. we are using g2-esp-3des-sha

> for P2 and Pre-g2-3des-sha for P1.

> What ports are required on my router to allow such connection.

> udp/500 for ipsec?

You'll have to open 500/udp for negociations, and ESP protocol for
encapsulated traffic (unless there is NAT on the way and NAT-T
extension used, in that case, you'll have to open 4500/udp).

Yvan.

Posted by Mr_Huang on August 27, 2007, 7:07 am

If you were Registered and logged in, you could reply and use other advanced thread options

thank you for your valurable information,
Is there a way to telnet to the remote device/gateway from my NS25 to
see if those ports is opening or not.

> > Dear guru,

> > I'm pretty new to NS, we have configured the Lan-to-lan VPN as per the

> > instruction in the manual, however, the tunnel failed and inactive by

> > "get sa". Wondering it would be blocked by the ISP-router, we have

> > asked our ISP to open the "VPN" ports. we are using g2-esp-3des-sha

> > for P2 and Pre-g2-3des-sha for P1.

> > What ports are required on my router to allow such connection.

> > udp/500 for ipsec?

> You'll have to open 500/udp for negociations, and ESP protocol for

> encapsulated traffic (unless there is NAT on the way and NAT-T

> extension used, in that case, you'll have to open 4500/udp).

> Yvan.

Posted by Mr_Huang on August 27, 2007, 7:51 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Also how can I remove those VPN setting/gateway? from the Web
interface or CommandLine?
"unset ike gateway name" didn't work

> thank you for your valurable information,

> Is there a way to telnet to the remote device/gateway from my NS25 to

> see if those ports is opening or not.

> > > Dear guru,

> > > I'm pretty new to NS, we have configured the Lan-to-lan VPN as per the

> > > instruction in the manual, however, the tunnel failed and inactive by

> > > "get sa". Wondering it would be blocked by the ISP-router, we have

> > > asked our ISP to open the "VPN" ports. we are using g2-esp-3des-sha

> > > for P2 and Pre-g2-3des-sha for P1.

> > > What ports are required on my router to allow such connection.

> > > udp/500 for ipsec?

> > You'll have to open 500/udp for negociations, and ESP protocol for

> > encapsulated traffic (unless there is NAT on the way and NAT-T

> > extension used, in that case, you'll have to open 4500/udp).

> > Yvan.- Hide quoted text -

> - Show quoted text -

Posted by Remien, Carsten on September 1, 2007, 10:08 am

If you were Registered and logged in, you could reply and use other advanced thread options

Hi,

Mr_Huang wrote:

> Also how can I remove those VPN setting/gateway? from the Web

> interface or CommandLine?

> "unset ike gateway name" didn't work

1st you have to unset the dynamic protocols from the tunnel interface
(in case you are using this).
Then unset the tunnel interface from the vpn.
Then unset the vpn from the ike gateway.
Now it´s possible to unset the ike gateway.

Regards,

Carsten
JNCIS-FWV

--

# Use ROT13 to see my e-mail address

Similar Threads	Posted
HOT WORKING PROXY	August 19, 2007, 12:12 pm
NEW Working Proxy	September 2, 2007, 4:41 pm
Windows XP SP2 firewall still not working right	July 28, 2005, 3:16 am
NEW LIST OF WORKING PROXIES	August 11, 2007, 11:29 am
FAST WORKING PROXY	August 12, 2007, 5:03 pm
PHP Proxy - FULLY Working	September 17, 2007, 6:17 am
NEW Myspace Working Proxy!	September 27, 2007, 4:17 pm
New working proxy unblock101.com and more	November 2, 2007, 6:02 am
Router Quit Working	March 20, 2008, 11:23 pm
Working Myspace Proxies	April 7, 2008, 10:03 am

The site map in XML format XML site map