List:       gauntlet-user
Subject:    RE: GVPN and/or PGPnet  problem
From:       "Fesman, Dina" <Dina_Fesman () NAI ! com>
Date:       1999-08-23 17:25:19

You shouldn't have to reboot.  Just stop and restart the IKE service.



> -----Original Message-----
> From:	Fiamingo, Frank [SMTP:FiamingF@strsoh.org]
> Sent:	Monday, August 23, 1999 9:52 AM
> To:	dina_fesman@nai.com
> Subject:	RE: GVPN and/or PGPnet  problem
> 
> I had a lot of trouble with this also.  First, I had to upgrade to version
> 6.5.1 of PGPnet.
> Second, changes made to the client don't always seem to take - sometimes it
> takes several reboots before the client actually uses the information.
> Third, if you're using the X.509 certificates you MUST use RSA certs.
> 
> 	Hope this helps,
> 	Frank
> 
> > -----Original Message-----
> > From:	Evgueni Martynov [SMTP:Evguenim@ASCIITECH.com]
> > Sent:	Monday, August 16, 1999 12:18 PM
> > To:	fiamingf@strsoh.org
> > Subject:	GVPN and/or PGPnet  problem
> > 
> > Hello, everybody;
> > 
> > We are having some trouble setting up the VPN using the Gauntlet VPN server
> > and the PGPnet client.
> > We have two networks in our lab.
> > 192.168.3.0  - inside network
> > 192.168.4.0  - outside network
> > Firewall Gauntlet GVPN v5.0 NT (192.168.4.25)
> > Client: PGP Desktop Security v6.5 RSA  - PGPnet VPN (192.168.4.75)
> > ftp and telnet server - 192.168.3.10
> > Firewall and PGPnet client have certificates issued by Certificate Authority
> > (Net Tools PKI server).
> > 
> > I set up "private link" for VPN and try to connect (telnet or ftp) 
> > from outside computer with PGPnet VPN Client to inside,
> > but I can't connect :-(
> > What's wrong?
> > 
> > This is several strings from log file:
> > 
> > <13> 1999-08-16 09:32:58 gauntlet: IPSEC non-encrypted output packet discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0, dst=0.0.0.0
> > <13> 1999-08-16 09:33:07 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
> > <13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
> > <13> 1999-08-16 09:33:08 GauntletIKE: Validating Peer's Certificate...
> > <13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
> > <13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
> > <13> 1999-08-16 09:33:08 gauntlet: informational: UDP packet allowed by packet screening rule if=192.168.4.25 src=192.168.4.75, dst=192.168.4.25, srcport=500, dstport=500
> > <13> 1999-08-16 09:33:11 telnet: permit host=nodnsquery/192.168.4.75 destination=192.168.3.10 port=23
> > <13> 1999-08-16 09:33:11 gauntlet: IPSEC non-encrypted output packet discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0, dst=0.0.0.0
> > 
> > after some time ...
> > 
> > <13> 1999-08-16 09:33:34 gauntlet: IPSEC non-encrypted output packet discarded: link: VPN Link 1 if=1903a8c0 src=192.168.3.0 gw=0.0.0.0, dst=0.0.0.0
> > 
> > <13> 1999-08-16 09:34:00 telnet: connected host=nodnsquery/192.168.4.75 destination=192.168.3.10 port=23
> > 
> > <13> 1999-08-16 09:43:54 telnet: exit host=nodnsquery/192.168.4.75 dest=192.168.3.10 in=0 out=0 user=unauth duration=643
> > --------------------
> > ftp session with "private link" :
> > 
> > <13> 1999-08-12 09:15:54 ftp: permit host=nodnsquery/192.168.4.75 connect to 192.168.3.99
> > <13> 1999-08-12 09:16:44 ftp: [tid=151] CONN_SERVER - failed - dest=192.168.3.99 port=0x15!!
> > 
> > <13> 1999-08-12 09:19:32 ftp: [tid=151] CONN_SERVER - failed - dest=192.168.3.99 port=0x15!!
> > <13> 1999-08-12 09:19:32 ftp: exit host=nodnsquery/192.168.4.75 cmds=1 in=0 out=0 user=unauth duration=218 [tid=151] DO_REQ
> > 
> > on the client:
> > 
> > C:\>ftp 192.168.3.99
> > Connected to 192.168.3.99.
> > 521 192.168.3.99: connect: 10060
> > User (192.168.3.99:(none)):
> > 220 lab1 FTP proxy (Version 5.0) ready.
> > ftp> ls
> > 521 192.168.3.99: connect: 10060
> > Connection closed by remote host.
> > ftp>
> > 
> > ---------------------
> > 
> > When I use "trusted link" in GVPN, I can telnet/ftp from outside computer
> > to inside network, but I can't connect from inside computers to outside!
> > The only allowed connection is -
> > between inside computer (behind the firewall) and computer with PGPnet VPN
> > (which has a certificate issued by CA)
> > 
> > 
> > Has anybody had such problem with Gauntlet GVPN v5.0 and PGPnet?
> > Any comments would be greatly appreciated.
> > 
> > Thank you.
> > Evgueni.
> > 
> > 