Greig McGill wrote:

> As promised:
>
> Those ports are:
> UDP - ports 2746, 500, 259, and 5678
> TCP - port 500
>

With a Securemote client behind the Nokia M10 and later an M11,

using IKE with ESP, I didn't need any of those ports.

The FW1 server was on the public internet.

IKE/IPsec on Checkpoint uses UDP 500 for key exchange. As this is an
outbound connection, it doesn't need a pinhole on the M10/11

If using ESP then an IP Type 50 pinhole was required.

Port 259 UDP is used if using FWZ encryption (You need to encapsulate).

If using FW1 4.1 SP2 client and server, you can enable a feature called 'UDP
Encapsulation' which uses UDP 2746 to encapsulate IKE.

http://www.phoneboy.com/fw1/faq/0141.html

This message is part of the NZ ADSL mailing list.
see http://unixathome.org/adsl/ for archives, FAQ,
and various documents.
To unsubscribe: send mail to majordomo@unixathome.org
with "unsubscribe adsl" in the body of the message
Received on Fri Dec 1 09:27:30 2000