PIX firewalls and VPN
Novell Cool Solutions: Question & Answer
Q:
I am installing PIX firewalls on our WAN with a view to replacing the BM VPN with them. However, while they are being installed I will need to run the BM VPN through them. Could someone let me know which ports I should open on the PIX box for the BM VPN?
At the moment I have TCP 353, UDP 353, TCP 213 and TCP 2010 open inbound, but it doesn't seem to work. I have e-mail and Internet access via port 25/80, so that's OK.
A:
Is the PIX performing NAT, too? If so, you're out of luck unless you're using BM3.8. If they're not performing NAT, and you're using a version of BM older than 3.8, you'll need protocol #57 (SKIP) and UDP 2010 (NOT TCP 2010).
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com