Hi,
I have a static IP/ADSL line and use a Zyxel Prestige 643 router as the modem/router+firewall. The router has NAT enabled and serves as the DHCP server for my local LAN. I am able to do almost everything except VPN out to my workplace (we use Nortel's Contivity VPN client). I opened up port 500 (UDP) to allow ISAKMP traffic - this got me past the first stage. A network trace revealed 3 packets being exchanged for ISAKMP aggressive on srcport==dstport==500. The subsequent packet from my machine seems to choose a random UDP port. I have seen port# between 1450-1700 being used. I think this is an IP packet encapsulated in UDP. However, I never get a response back since that port is typically blocked on my firewall. I continue to see ISAKMP informational packets on port 500 but at about this point the VPN software gives up. Has anyone encountered a similar problem? Any suggestions on what I can do to get the traffic to pass through without opening up my firewall?
Thanks, ~sri
srikantkt (at) REMOVE_SPAM gmail (dot) com
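
The following Python is an added example, not part of the original post: it labels UDP records from a trace like the one described, decoding the ISAKMP exchange type (RFC 2408 header) on port 500 and listing local ports whose outbound non-ISAKMP UDP never got a reply. The packet records, port 1523 and all function names are constructed for illustration.

```python
import struct

# ISAKMP exchange types from RFC 2408; 32 is IKE Quick Mode (RFC 2409).
EXCHANGE_TYPES = {1: "base", 2: "identity-protection", 3: "authentication-only",
                  4: "aggressive", 5: "informational", 32: "quick-mode"}
# Fixed 28-byte header: cookies, next payload, version, exchange, flags, msg id, length.
ISAKMP_HEADER = struct.Struct("!8s8sBBBBII")


def parse_isakmp(payload):
    """Return (exchange_name, message_id), or None if this is not an ISAKMP v1.0 header."""
    if len(payload) < ISAKMP_HEADER.size:
        return None
    _ic, _rc, _nxt, version, exch, _flags, msg_id, length = ISAKMP_HEADER.unpack_from(payload)
    if version != 0x10 or length < ISAKMP_HEADER.size:
        return None
    return EXCHANGE_TYPES.get(exch, "unknown(%d)" % exch), msg_id


def classify(packets):
    """Label each (direction, sport, dport, payload) record taken from a trace."""
    report = []
    for direction, sport, dport, payload in packets:
        if sport == 500 and dport == 500:
            parsed = parse_isakmp(payload)
            label = "isakmp:" + parsed[0] if parsed else "port-500-non-isakmp"
        else:
            label = "udp-other"  # candidate for the UDP-encapsulated data channel
        report.append((direction, sport, dport, label))
    return report


def unanswered_ports(report):
    """Local ports that sent non-ISAKMP UDP out but never received anything back."""
    sent = {sport for d, sport, _dp, lbl in report if d == "out" and lbl == "udp-other"}
    got = {dport for d, _sp, dport, lbl in report if d == "in" and lbl == "udp-other"}
    return sorted(sent - got)


def make_header(exch, msg_id=0):
    """Build a constructed, header-only ISAKMP message for the sample trace."""
    return ISAKMP_HEADER.pack(b"I" * 8, b"R" * 8, 1, 0x10, exch, 0, msg_id, 28)


# Constructed trace mirroring the post: three aggressive-mode packets, then UDP
# from a high local port with no reply, then an informational message.
SAMPLE = [("out", 500, 500, make_header(4)), ("in", 500, 500, make_header(4)),
          ("out", 500, 500, make_header(4)), ("out", 1523, 1523, b"\x00" * 64),
          ("in", 500, 500, make_header(5, 0x1234))]

if __name__ == "__main__":
    print(classify(SAMPLE), unanswered_ports(classify(SAMPLE)))
```
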