Home networks not designed and/or implemented by Honeywell GTS are not within the scope of the support model for iPass/Remote Access. The following tips are offered as a resource for working with your ISP or network provider to resolve any connectivity problems.
The following Ports are required to be open on your local router (wired or wireless) for iPass and CheckPoint VPN-1 SecureClient:
Port 80 for iPassConnectEngine.exe (iPass destination server IP 216.239.109.200)
TCP 443 for Visitor Mode
Protocol 50 for ESP
UDP 10000 for UDP Encapsulation
UDP 500 for IKE
TCP 500 for IKE over TCP
TCP 18231 for Policy Server logon when the client is inside the network
UDP 18233 for Keep alive protocol when the client is inside the network
TCP 18232 for Distribution Server when the client is inside the network
TCP 264 for topology downloads
UDP 259 for MEP configuration
UDP 18234 for performing tunnel test when the client is inside the network
TCP 18264 for ICA certificate registration
Ports 500 & 10,000 (both TCP and UDP) need to be opened for the VPN tunnel by the ISP. Please contact them. Make sure that your personal router has these same ports opened. IPSec needs to be enabled. This applies to offices, hotels and homes, whether the connection is direct or wireless.
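An added example, not part of the original tips: a preflight check that probes the TCP ports from the list above and separates a silently dropped port (typical of a router firewall or ISP filter) from one that answers. The function names and the gateway address are assumptions; the address is a placeholder to replace with the one your administrator supplies.

```python
import socket
import sys

# TCP ports taken from the list above (the "inside the network" ports are left out).
TCP_PORTS = {
    443: "Visitor Mode",
    500: "IKE over TCP",
    264: "topology downloads",
    18264: "ICA certificate registration",
}

# What each probe result suggests when troubleshooting with the ISP or router vendor.
ADVICE = {
    "open": "TCP handshake completed; this port is not being blocked",
    "refused": "a reset came back; the path works but the port was rejected or nothing listens",
    "filtered": "no reply before the timeout; a router firewall or the ISP may be dropping it",
    "unreachable": "name lookup or routing failed; test basic Internet connectivity first",
}

def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"

def preflight(host, ports=TCP_PORTS, timeout=3.0):
    """Probe every port and return {port: (purpose, state)}."""
    return {p: (why, probe_tcp(host, p, timeout)) for p, why in ports.items()}

if __name__ == "__main__":
    # Placeholder: pass the VPN gateway address supplied by your administrator.
    gateway = sys.argv[1] if len(sys.argv) > 1 else "vpn-gateway.example.invalid"
    for port, (why, state) in preflight(gateway).items():
        print(f"TCP {port:<5} {why:<30} {state:<11} {ADVICE[state]}")
    print("Not checked: Protocol 50 (ESP) and the UDP ports; a connect() cannot confirm them.")
```

Run it once with the PC connected directly to the modem and once behind the router; a port that changes from "open" to "filtered" points at the router rather than the ISP.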
Cable Modem
Single Direct Connection - For stand-alone PCs that do not use a routing device.
Ensure the ISP supports IPSec and is configured to allow IPSec traffic to pass
Connect the PC directly to the cable modem
Power up the cable modem, then the PC
Test for Internet connectivity before launching iPass.
See the hardware documentation for configuration details or contact the hardware vendor or ISP for additional troubleshooting recommendations.
Sharing connection with a router (Wired or Wireless)
In general, routing devices used to network other PCs to a cable modem are the primary source of VPN connectivity problems. These devices may be able to act as a firewall and router, and may provide Network Address Translation (NAT).
Ensure the ISP supports IPSec and is configured to allow IPSec traffic to pass
Bypass the router by connecting the PC directly to the cable modem
Power up the cable modem then the PC
Test for Internet connectivity before launching iPass
After successfully connecting to iPass while bypassing the routing device, you can reconnect the PC and router in the correct manner. You may need to reboot everything. Be sure to first start up the cable modem, then the router, then the PC.
Ensure your router supports IPSec (sometimes referred to as IPSec pass through or VPN pass through) and that it is enabled. See your hardware documentation for configuration details or contact your hardware vendor or ISP for more information.
You may have to disable any firewall feature on your router.
Make sure your router firmware is current. Even though the configuration looks like it supports IPSec traffic, a firmware upgrade may be necessary to get connected. Check your hardware vendor's website for the latest firmware updates and instructions to update your hardware.
See the hardware documentation for configuration details or contact the hardware vendor or ISP for additional troubleshooting recommendations.
DSL
DSL devices are usually routing devices as well, and are frequently the source of connectivity problems. As with cable modems, successful DSL connections require that the ISP support IPSec and be configured to allow IPSec traffic to pass. See your hardware documentation for configuration details or contact your hardware vendor or ISP for additional troubleshooting recommendations.
Recommended Wireless Routers:
LinkSys and Netgear. Wired and wireless.
Routers known not to work with the iPass/CheckPoint client:
DLink routers
EMEA:
Any router that connects via USB cable and shows up as a dial-up device cannot be used. We found this specifically in some of the BT Voyager modems/routers (British Telecom 105). If it can be configured with manufacturer firmware to show up as a broadband device, it should be configurable in the iPass product.
Any AOL-provided broadband solution (such as RoadRunner).
USA:
Any router that connects via USB cable and shows up as a dial-up device cannot be used unless it truly has a dial-up option.
ADSL routers utilizing PPPoA cannot be used because they are not able to be configured as a broadband device.
Any AOL-provided broadband solution (such as RoadRunner).