RE: Borderware IPSec Client

bob bobing Wed, 19 Sep 2001 07:48:04 -0700
Well have you looked thought the logs of the firewall
at work? are you sure nothing is getting denied?

Just as a test you could try getting a static nat
session for your internal ip at work, this will also
help while watching the log file.

then tail -f /your/logs | egrep
'(1\.1\.1\.1\|2\.2\.2\.2|3\.3\.3\.3)'

1 being your ip on the internal network
2 being your global static ip on the outside of the
firewall
3 being the dest for the ipsec tunnel.


--- Erwin Geirnaert <[EMAIL PROTECTED]> wrote:
> Hi Bob
> 
> I'm using ESP.
> 
> Thanks.
> 
> Erwin
> 
> -----Original Message-----
> From: bob bobing [mailto:[EMAIL PROTECTED]]
> Sent: woensdag 19 september 2001 5:40
> To: Erwin Geirnaert; Firewalls (E-mail)
> Subject: Re: Borderware IPSec Client
> 
> 
> It may be because of the type of ipsec connection
> you
> are using. I'm going to assume you are using NAT
> with
> the FW at work.  I think you need to see if you are
> using AH (i think proto 51) AH doesn't like NAT
> (don't
> quote me on this:) ) i think because it takes a md5
> checksum of the packet. So going on this nat would
> make an ipsec packet invalid because you just
> changed
> the src address. I've never used the borderware
> ipsec
> client, so i can't tell you what to look at per say,
> but see if there is an option to disable AH (Auth
> Header)
> 
> --- Erwin Geirnaert <[EMAIL PROTECTED]> wrote:
> > Hi guys
> > 
> > I'm having problems with the Borderware IPSec
> > Client.
> > If I connect trough my cable provider at home, I
> can
> > connect.
> > At work it doesn't work, although the firewall
> > allows my PC to connect.
> > The fw is configured to allow IP protocol 50, IP
> > protocol 51 and IKE.
> > The IKE handshaking works and in the connection
> > monitor I see the increase
> > in secured packets/kb sent.
> > 
> > What am I missing?
> > 
> > TIA
> > 
> > Erwin
> > 
> > 
> 
> 
> __________________________________________________
> Terrorist Attacks on U.S. - How can you help?
> Donate cash, emergency relief information
>
http://dailynews.yahoo.com/fc/US/Emergency_Information/
> 


__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
RE: Borderware IPSec Client

Reply via email to
