Date: Tue, 30 Dec 1997 18:04:40 -0600
From: Jim Manley <jmanley@metronet.com>
To: "DaveF" <flynnd@bignet.net>, <freebsd-questions@freebsd.org>
Subject: Re: Passthrough for VPN via FreeBSD Firewall
Message-ID: <97123018131100.00715@darkstar.metronet.com>
In-Reply-To: <002001bfd27c$f0b90c20$0f05a8c0@pit.net>
References: <002001bfd27c$f0b90c20$0f05a8c0@pit.net>
On Fri, 09 Jun 2000, DaveF wrote:
>
> Does anyone know if you can pass VPN info through a FreeBSD firewall? I am
> trying to set up a VPN from a MS client behind a firewall to a distant VPN
> server.
>

Depends on the VPN software you are using. If it is IPSec compliant and you
are not doing NAT on the firewall, you will need to pass UDP port 500 for the
ISAKMP setup. You will also need to be able to pass IP protocol types 50 and
51. If you are using digital certificates, you'll need to pass TCP 389 (ldap).

If you are doing NAT, it may not work since the server will be trying to set up
the secure associations with the client and the firewall will be "in the way"
in the sense that it is the termination point the server sees but doesn't have
the software necessary to set up the secure tunnels.

> Can this be done? I can get the CA but when the client tries to connect to
> the VPN server, something happens?

This is usually the result when the firewall is doing NAT and the client
cannot communicate directly with the server.
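The no-NAT case described in the reply above, written out as ipfw rules. This is an added example, not part of the original message: the function name `vpn_passthrough_rules`, the rule numbers, the RFC 5737 documentation addresses and the separate LDAP host are all assumptions. The script only prints the rules for review and does not load them.

```shell
#!/bin/sh
# Added example (constructed): print ipfw rules for IPsec passthrough, no NAT.
# Addresses are RFC 5737 documentation values; rule numbers are arbitrary.

vpn_passthrough_rules() {
    client="$1"   # VPN client behind the firewall
    server="$2"   # distant VPN server
    ldap="$3"     # optional: directory host used for certificate lookups
    n=1000

    rule() {
        echo "ipfw add $n allow $*"
        n=$((n + 10))
    }

    # ISAKMP negotiation: UDP port 500, both directions.
    rule "udp from $client to $server 500"
    rule "udp from $server 500 to $client"

    # IP protocols 50 (ESP) and 51 (AH), both directions.
    for proto in 50 51; do
        rule "$proto from $client to $server"
        rule "$proto from $server to $client"
    done

    # TCP 389 (LDAP), only when certificates are in use.
    if [ -n "$ldap" ]; then
        rule "tcp from $client to $ldap 389"
        rule "tcp from $ldap 389 to $client established"
    fi
}

# Dry run: print the rules for review instead of loading them.
vpn_passthrough_rules 192.0.2.10 198.51.100.5 203.0.113.20
```

Scoping each rule to the client and server pair, rather than `any to any`, keeps the opening limited to the one tunnel.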