billdossett wrote:
Hmm, well, firewall admin is travelling today, not much help, I'll have to pretty much start all over with someone else.
Curious though... I just ran Wireshark on the desktop during a connection. The View client is running on an ADSL line with NAT and has a private address of 192.168.2.68.
What I am seeing on the desktop with the agent is the desktop trying to connect to 192.168.2.68 on port UDP 4172 destination port 50002. Two things seem unusual. First is that it is trying to connect directly to the client, not connecting to the security server and then security server connecting to the client. Second is that it is using the private IP address of 192.168... I wouldn't think that would work and isn't going anywhere. On the View desktop, I am only seeing outgoing packets to that address, no incoming packets at all. Unless a tunnel has been set up at that point, which may have been done, I don't know, I wouldn't think you could try and talk directly to a private IP address, I would think it would be the public NAT address of the ADSL router, which is 81.138.x.x.
Does this seem normal? I know there are IPsec tunnels being set up, not between the agent and the client as far as I was aware. I had no intention of digging this deep, but it is interesting anyway.
Just give the firewall admin the 4172 ports list referenced as one of the 3 steps in the article referenced above.
The traffic you are seeing from the desktop is normal and not the cause of your problem.
If you are not seeing UDP datagrams on destination port 4172 from your client to your Security Server then fix that block first.
Go through the article. When it is set up as described by those 3 steps it works first time and every time.
Mark