Home » Kerio User Forums » Kerio Control » problem establishing VPN connection

Messages: 1
Karma: 0
Send a private message to this user
Dear all, I would like to ask for help, because it seems I am doing something wrong. I am trying to establish a VPN connection to remote site of other company with parameters they supplied to us, I am attaching below, could you please advise me what to set up so the connection would work?
Thank you in advance!! (english is not my first language so If i made any mistakes please forgive me).

Company1 Peer IP: IP_address_1
Company2 Peer IP: IP_address_2
Key Algorithm: UDP (500)
Company1 Subnet: (Complete Class B range for company1 communication to the systems)

Phase-1 (ISAKMP):

ISAKMP Auth Mode: Pre-shared secret: pre-shared key: (shall be communicated separately)
ISAKMP Encryption: AES128
ISAKMP Diffie-Hellman Group: Group2
ISAKMP Key Lifetime: 86400secs (24 hours)

Phase-2 (IPSec):

Perfect Forward Secrecy: Off
IPSEC Encapsulation: Tunnel Mode
IPSEC Protocol Type: ESP
IPSEC Cipher Algorithm: AES128
IPSEC Authentication: SHA128
IPSEC SA Lifetime: 3600 sec (1 hour)

VPN Encryption Domain/ACL to be configured @Host level :

============================================================ ==============
The following parameters should also be taken into consideration:
PFS should be OFF
NAT Traversal should be DISABLED
Phase 1 mode: MAIN Mode

We would require the following ports and protocols allowed on your Firewall for communication between COMPANY1 and the systems onsite:

ftp TCP 21
ssh/sftp TCP 22
telnet TCP 23, 2327, 2328 (2327 & 2328 CT/PET only)
http TCP 80, 8080, 3003, 3128, 4444 (3128 XR only, 3003 & 4444 UL only)
https TCP 443, 2381 (UL only)
Rexec TCP 512
XR Console Emulation TCP 3003, 3276-3277
RDP TCP 3389
VNC TCP 5800, 5900
MR firmware diags TCP 8100
Multi-vendor telnet proxy TCP 31415
ftp TCP 20
http TCP 80, 8002
https TCP 443
GEHC diagnostics TCP 7979
X-Windows TCP 6000-6200

Previous Topic: Can Not Access Port Forwarding
Next Topic: the AD server can not connect to internet via automatic login
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 20 09:24:45 CET 2018

Total time taken to generate the page: 0.79208 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.