Thread: Issues Using Forticlient behind an OpenBSD Firewall to connect to a Fortigate IPSEC VPN Server




Issues Using Forticlient behind an OpenBSD Firewall to connect to a Fortigate IPSEC VPN Server
2007-07-03 07:36:24
Hi,

I am on a MS Windows XP system behind an OpenBSD 4.0 firewall.
All outbound TCP, UDP and ICMP traffic from the LAN is let out through PF.

I am able to connect to another Fortigate IPSEC VPN Server on the
Internet using Forticlient on the same XP system but no data
communication happens between them.

I tried connecting from a network that is not firewalled by OpenBSD
and the VPN connection to the same Fortigate Server is working fine
and I am able to access the internal machines.

Is there any other traffic I should allow other than TCP, UDP, ICMP on
the firewall to connect and pass traffic between the Fortigate VPN
server and the XP system using Forticlient?

Thank you so much

Kind Regards

Siju


Re: Issues Using Forticlient behind an OpenBSD Firewall to connect to a Fortigate IPSEC VPN Server
Norway
2007-07-03 08:00:42
"Siju George" <sgeorge.mlgmail.com> writes:

> I tried connecting from a network that is not firewalled by OpenBSD
> and the VPN connection to the same Fortigate Server is working fine
> and I am able to access the internal machines.

Sounds almost like you need to pass at least one of the protocols gre
and esp between the vpn hosts.  I know at least some of the Cisco VPN
products require both.

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.


Issues Using Forticlient behind an OpenBSD Firewall to connect to a Fortigate IPSEC VPN Server
Canada
2007-07-11 01:08:45
Siju George writes:
 > All outbound TCP, UDP and ICMP traffic from the LAN is let out through PF.
 >
 > I am able to connect to another Fortigate IPSEC VPN Server on the
 > Internet using Forticlient on the same XP system but no data
 > communication happens between them.
 >
 > I tried connecting from a network that is not firewalled by OpenBSD
 > and the VPN connection to the same Fortigate Server is working fine
 > and I am able to access the internal machines.
 >
 > Is there any other traffic I should allow other than TCP,UDP,ICMP on
 > the firewall to connect and pass traffic between the Fortigate VPN
 > server and the XP system using Forticlient?

You didn't indicate whether the OpenBSD 4.0 is doing NAPT for your XP
box or you have a binat setup.  If NAPT then you must enable NAT
traversal on the FortiGate.  If you have set up a binat then you have
the choice of enabling NAT traversal on the FortiGate or modifying pf
to allow ESP (protocol 50) in&out.
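
Added example, not part of the original thread: a pf.conf sketch of the two cases described in the reply above (NAPT with NAT traversal, or binat with ESP passed in and out), written in the pre-4.7 pf syntax that OpenBSD 4.0 uses. All interface names and addresses are constructed placeholders, and UDP 500/4500 are the standard IKE and NAT-T ports, which the thread itself does not name.

```pf
# Added example; every macro value below is an assumed placeholder.
ext_if    = "fxp0"             # external interface (assumed)
int_if    = "fxp1"             # LAN interface (assumed)
lan_net   = "192.168.1.0/24"   # LAN behind the firewall (assumed)
xp_host   = "192.168.1.10"     # XP box running Forticlient (assumed)
xp_public = "198.51.100.10"    # spare public address for binat (assumed)
fortigate = "203.0.113.1"      # remote FortiGate (assumed)

# --- Translation ---------------------------------------------------
# Case 1, NAPT: many hosts share one address. ESP has no ports to
# rewrite, so the tunnel only carries data if NAT traversal is enabled
# on the FortiGate and ESP is wrapped in UDP.
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Case 2, binat: one-to-one mapping for the XP box. Uncomment to use
# it; native ESP can then cross the firewall without NAT traversal.
# binat on $ext_if inet from $xp_host to any -> $xp_public

# --- Filtering -----------------------------------------------------
# Translation is applied before filtering, so rules on $ext_if see the
# translated source on the way out and the internal destination on
# the way in. OpenBSD 4.0 still needs an explicit "keep state".
block all

# Case 1: IKE (udp/500) and NAT-T (udp/4500). An existing "pass all
# outbound UDP" rule already covers these; shown for completeness.
pass in  on $int_if inet proto udp from $xp_host to $fortigate \
        port { 500, 4500 } keep state
pass out on $ext_if inet proto udp from any to $fortigate \
        port { 500, 4500 } keep state

# Case 2: ESP (protocol 50) in and out, restricted to the two peers.
# Uncomment together with the binat rule above.
# pass in  on $int_if inet proto esp from $xp_host   to $fortigate keep state
# pass out on $ext_if inet proto esp from $xp_public to $fortigate keep state
# pass in  on $ext_if inet proto esp from $fortigate to $xp_host   keep state
# pass out on $int_if inet proto esp from $fortigate to $xp_host   keep state
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it; running `tcpdump -n -i fxp0 proto 50 or udp port 4500` on the firewall then shows which encapsulation the tunnel actually uses.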

