I would like to unsubscribe.  Thanks.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 29, 2002 12:49 AM
To: [EMAIL PROTECTED]
Subject: Firewalls digest, Vol 1 #793 - 6 msgs


Send Firewalls mailing list submissions to
        [EMAIL PROTECTED]

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.gnac.net/mailman/listinfo/firewalls
or, via email, send a message with subject or body 'help' to
        [EMAIL PROTECTED]

You can reach the person managing the list at
        [EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Firewalls digest..."


Today's Topics:

   1. Product Recommendation ([EMAIL PROTECTED])
   2. RE: Product Recommendation (Clark, Steve)
   3. Re: Product Recommendation (Ron DuFresne)
   4. Kinda of OT ([EMAIL PROTECTED])
   5. wireless woes in the triangle and beyond! (Ron DuFresne)
   6. RE: Can't establish a VPN Connection (Ralph Los)

--__--__--

Message: 1
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Product Recommendation
Date: Tue, 28 May 2002 17:30:51 -0500

My environment consists of NT4 Servers SP6a.  Our web server hosts
multiple web sites.  We are using Proxy Server 2 for our user's Internet
access gateway and for routing inbound Internet requests to the correct
web site.  We are on a single subnet LAN and the router has only the
basic firewall configured; no other filter or filter sets.

Our business requires us to connect to various customer's systems.
These systems can be AS400 machines, DEC VAX machines and Windows based
machines.  More and more we are seeing customers request that we use
their VPN solutions for connectivity.  Various emulation applications
are used along with the VPN connections as all our desktops are W2K.

Proxy Server is preventing us from making some VPN connections because
of the NATing that it does.  We think that a firewall is the solution.
The product needs to:

Allow multiple site-to-site VPN connections
Allow VPN connections to be made from desktops inside our LAN
Allow IPSec and PPTP and other protocols/encryptions thru
Route incoming Internet requests to the correct private IP addresses of our web sites
Replace Proxy Server as the Internet gateway

Can you experts give me some recommendations on brands and models that
will accommodate this?

As you can tell, I'm new to the details of firewalls.  Thanks for any
suggestions/help in advance.



Bill Lambert
Endoxy Healthcare
847-941-9206
[EMAIL PROTECTED] 

--__--__--

Message: 2
From: "Clark, Steve" <[EMAIL PROTECTED]>
To: #Firewalls <[EMAIL PROTECTED]>
Subject: RE: Product Recommendation
Date: Tue, 28 May 2002 18:39:29 -0400

Even the lower models of Netscreens will do this.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
          301-610-9584 voice
          240-465-0323 Efax


--__--__--

Message: 3
Date: Tue, 28 May 2002 18:06:16 -0500 (CDT)
From: Ron DuFresne <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Product Recommendation

On Tue, 28 May 2002 [EMAIL PROTECTED] wrote:

> My environment consists of NT4 Servers SP6a.  Our web server hosts
> multiple web sites.  We are using Proxy Server 2 for our user's
> Internet access gateway and for routing inbound Internet requests to
> the correct web site.  We are on a single subnet LAN and the router has
> only the basic firewall configured; no other filter or filter sets.
>
> Our business requires us to connect to various customer's systems.
> These systems can be AS400 machines, DEC VAX machines and Windows based
> machines.  More and more we are seeing customers request that we use
> their VPN solutions for connectivity.  Various emulation applications
> are used along with the VPN connections as all our desktops are W2K.
>
> Proxy Server is preventing us from making some VPN connections because
> of the NATing that it does.  We think that a firewall is the solution.
> The product needs to:
>
> Allow multiple site-to-site VPN connections
> Allow VPN connections to be made from desktops inside our LAN

Many <most?> folks like to terminate the VPN on a DMZ net, and make
users work from there out, especially if the VPN is not a tunnel to more
direct internal corporate structures, say branch offices and such.
Allowing the tunnel all the way to the desktop does not allow the finer
grain of control.  Additionally, you may want to come up with some kind
of assurances that these partners' security policies are at least as
strong as your own, prior to agreeing to any tunneling.  This may well
include not only NDAs and security specifics in contracts and SLAs you
may need signed off on, but additionally third party audits to ensure
such is in place.  How do you or they know if you have employees on the
road or working from home with tunnels inside and unsecured machines
they are working from, say they might be tunneled in and still browsing
the net or playing in IRC?  How do you or they know one side has not
violated its security policies totally with an insecure implementation
of wireless toys?  Thus the third party audits and sharing of results.
Especially with the coming requirements and concerns for HIPAA, which
your organization is probably going to have to commit to and deal with
these coming months.  Some of these requirements are going to extend to
at least a degree to those companies you are sharing
connections/information with, and will be part of federal auditing and
assurances in the first quarter next year.


Thanks,

Ron DuFresne

> Allow IPSec and PPTP and other protocols/encryptions thru
> Route incoming Internet requests to the correct private IP addresses of our web sites
> Replace Proxy Server as the Internet gateway
>
> Can you experts give me some recommendations on brands and models that
> will accommodate this?
>
> As you can tell, I'm new to the details of firewalls.  Thanks for any
> suggestions/help in advance.
>
>
>
> Bill Lambert
> Endoxy Healthcare
> 847-941-9206
> [EMAIL PROTECTED]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


--__--__--

Message: 4
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Kinda of OT
Date: Tue, 28 May 2002 09:26:09 -0400


Hey Gang does anyone know anything about modem security for PBX's? I
have a quote for TraqNet but MAN is it expensive. Does anyone else know
of a package?
 
Thanks
 
Steve Smith
 



--__--__--

Message: 5
Date: Tue, 28 May 2002 21:39:58 -0500 (CDT)
From: Ron DuFresne <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: wireless woes in the triangle and beyond! 



                    There Are No More Secrets

                        Ron DuFresne <c> 2002

A few weeks ago Best Buy was embarrassed throughout the country with the
finding that it was using POS <point of sales> cash registers that
worked with wireless technology to cash various customers out when
making purchases.  What was so humiliating for them was the discovery
that these POS systems had been installed and implemented without any
sense of security.  There was no encryption enabled with these devices
so they transmitted customer information via the airwaves to anyone that
wished to capture it with the various techniques many people are now
employing to "map" wireless networks and security issues.  This customer
information included credit card information.  Nasty hackers could
indeed use this information for various fraudulent activities.  This
breach of customer privacy was deemed serious enough when it became
highly visualized via the vuln-dev mailing list, maintained by Blue
Boar, off securityfocus.com.  The flurry of correspondence on this list
resulted in the media picking up the information and running with it
also.

http://www.msnbc.com/news/746380.asp

This ended up by prompting Best Buy to make changes to the cashiering
systems as was noted in their response to one of the list's posters that
apparently made direct contact with Best Buy management:



Thank you for contacting Best Buy's corporate headquarters
with your concerns.  Regarding this issue, Best Buy has
deactivated our temporary wireless cash registers that
transmit information via LAN connections.
These registers are not Best Buy's main register terminals
and represent a small percentage of the transactions
processed within our stores.  Please be assured that
customer privacy is of the utmost importance to Best Buy and
we will further investigate this matter.

We do appreciate your taking the time to share your concerns
with us.

Respectfully,
Alex Reynolds
Contact Center Escalations
Best Buy Enterprise Customer Care



Now, it had been suggested in the vuln-dev mailing list that Best Buy
was a single example, and just the tip of the iceberg, as anyone looking
into the issues of wireless implementations and issues via their own
sniffing and the various wireless mapping projects across the US have
laid bare.


http://sysinfo.com/wire1.html


The above paper cites some wireless mapping work in the NC Research
Triangle Park area by local resident Alan Clegg, with direct links to
his mapping efforts.  Recently Mr. Clegg contacted this author via
e-mail concerning another thread in the firewalls security mailing list
hosted by gnac.net, on another wireless related topic, to let us know
that in the RTP area, he had mapped both Petsmart and CVS Pharmacies
using wireless technologies without any encryption enabled.  Which
starts to expose more of the proposed iceberg syndrome to light.
Granted, WEP, Wired Equivalent Privacy, is not the best, it can be
broken, but, it takes far more effort than clear text flowing through
the airwaves available to anyone with a few hundred dollars worth of
equipment to pick it up like one might grab police calls with a scanner.
If wireless is going to be used, it should at least function in the most
secure manner available, anything less demonstrates not only a lack of
understanding, but, in cases like these a complete failure of corporate
institutions to take even minimal care with the private information of
their customers.  Petsmart, following along the heels of the
embarrassment and humiliation of Best Buy in letting credit card
information flow freely into the airwaves is bad enough, but, CVS
Pharmacies, soon to be tasked with HIPAA <Health Insurance Portability
and Accountability Act> compliance early next Spring demonstrates at the
best careless indifference to those they are serving.  The Standards for
Privacy of Individually Identifiable Health Information are designed to
help guarantee privacy and confidentiality of patient medical and
insurance information.  Those who miss the deadline for compliance face
steep fines and Federal criminal penalties.  The glaring exposure of
customer information by companies and health related organizations like
CVS Pharmacies is a glaring deficiency and total disregard of very
sensitive customer information.  And yet the iceberg of such negligence
in wireless rollouts is still but a shadow of the issue of private and
financial information leakage many are suffering already, without much
awareness of the fact.


http://www.symbol.com/news/pressreleases/pr_foodndrug_cvs.html


The various vendors marketing wireless toys are not blameless either.
In fact a large burden of the blame for leakage of information and the
vulnerable systems being pushed into place by companies like Best Buy
and Petsmart, as well as CVS and others relates to how they distribute
their wares.  They do so with the most insecure "plug and pray"
configurations possible, most often with documentation about how to try
and secure these toys buried deep in their distribution media.  Until
vendors take some sense of responsibility and force their customers to
shoot themselves in the foot, rather than pushing out products that are
configured in a manner whence their customers are shot in the head from
the point of installation, we will continue to have some very
exploitable setups by the less clued network folks these vendors are
making their money from.



Additionally see, note the terms 'opt' when they document configuration
issues at the site, as well as targeted customer categories listed, then
wonder where *your* private information might be leaking from:


http://www.symbol.com/products/wireless/wireless_sp24_11mbps.html


...
AP 41X1 Access Point Series

 It's known as the intelligent access point. Built beyond defined
 standards, the AP 41X1 integrates features only possible from
 the wireless engineering experts at Symbol. Advanced algorithms
 prioritize data, voice and multimedia transmission for uninterrupted,
 quality service. An embedded HTTP server allows administrators to use
 any Web browser to monitor performance, change configuration, and run
 diagnostics on any AP 41X1 from anywhere on the network. Antenna
 options provide maximum range and throughput to support application
 requirements with coverage up to 300 ft./90 m indoors and 1500 ft./460 m
 outdoors and will support up to 256 clients as well as Simple Network
 Management Protocol (SNMP).

...
 WEP Encryption for High-Speed Security Wired Equivalent Privacy (WEP)
 encryption combined with access control lists and domain identification
 features provide powerful user authentication and data encryption and
 decryption capabilities for data security. Wireless clients may also
 opt to use 128-bit encryption keys and the RC4 algorithm to further
 encrypt the wireless portion of data transmission.
...


                    Retail
                    Healthcare
                    Hospitality
                    Education and Corporate Training
                    Manufacturing
                    Government
                    More Flexible Office and Public Space Environments





        Thanks;

                To Alan Clegg for the mapping info and heads up to these
                sites, as well as their wireless vendors.


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

--__--__--

Message: 6
From: "Ralph Los" <[EMAIL PROTECTED]>
To: "'Noonan, Wesley'" <[EMAIL PROTECTED]>,
        "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
        [EMAIL PROTECTED]
Subject: RE: Can't establish a VPN Connection
Date: Fri, 24 May 2002 11:59:51 -0400


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wesley,

        That's not true - the newer versions are capable of using UDP
Encapsulation to make the product work just fine.  I'm running
through 2! NATs and I'm using SecuRemote just peachy ;)

Bye,

Ralph Los
 Sr. Security Engineer, Trainer
 EnterEdge Technology - Atlanta
  (770) 955-9899 x.206
  [EMAIL PROTECTED]


::: -----Original Message-----
::: From: Noonan, Wesley [mailto:[EMAIL PROTECTED]] 
::: Sent: Thursday, May 23, 2002 5:44 PM
::: To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
::: Subject: RE: Can't establish a VPN Connection
::: 
::: 
::: You using NAT in there somewhere? Is the SecuRemote client 
::: IPSEC based? If so, then it won't work (read the IPSEC RFCs 
::: for details).
::: 
::: Wes Noonan, MCSE/CCNA/CCDA/NNCSS
::: Senior QA Rep.
::: BMC Software, Inc.
::: (713) 918-2412
::: [EMAIL PROTECTED]
::: http://www.bmc.com
::: 
::: 
::: > -----Original Message-----
::: > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
::: > Sent: Thursday, May 23, 2002 16:34
::: > To: [EMAIL PROTECTED]
::: > Subject: Can't establish a VPN Connection
::: > 
::: > This is my first post to the list as I just joined today.
::: > 
::: > I'm trying to establish a VPN connection from LAN side computers
::: > to an AS400 machine using SecuRemote VPN and Client Access
::: > (emulation app).  I am going thru a MS Proxy server and a Netopia
::: > router with just the basic firewall enabled.  I cannot connect.
::: > I can, however, if I put a PC outside the LAN with a public IP.
::: >
::: > The Proxy server has all ports open to the remote public IP addy.
::: > 
::: > Any ideas why I cannot connect from inside the LAN?
::: > 
::: > Thanks for any help or advice.
::: > 
::: > 
::: > 
::: > 
::: > Bill Lambert
::: > 
::: > Endoxy Healthcare
::: > 847-941-9206
::: > [EMAIL PROTECTED] 

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: - CONFIDENTIAL - EnterEdge Technology - Atlanta

iQA/AwUBPO5jdtHd2BwtibfpEQJ+1ACgpG1iEttEF4APiG0fucfptlbklEoAoMWT
gy4NYHiOYoupoNX6QfZYksm/
=/3hq
-----END PGP SIGNATURE-----
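
The NAT question in the exchange above, as an added example that is not part of the thread and is not Check Point's code: a simplified Python model of which IPsec integrity checks survive a port-translating NAT, and what a UDP wrapper changes. The key, addresses, SPIs and function names are constructed for illustration, and UDP port 4500 is the value the IETF later standardised for encapsulated ESP, assumed here rather than taken from the posts.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"   # constructed integrity key shared by both peers
AH, ESP, UDP = 51, 50, 17       # IP protocol numbers
NATT_PORT = 4500                # assumption: later IETF port for ESP-in-UDP

def ip_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header; checksum left at 0 (it is a mutable field)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def icv(data):
    """HMAC-SHA1-96: HMAC-SHA1 truncated to 12 bytes."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_view(hdr):
    """IP header as AH authenticates it: TOS, flags/offset, TTL and checksum
    are zeroed as mutable; addresses, protocol and length stay in."""
    b = bytearray(hdr)
    b[1] = 0
    b[6:8] = b"\x00\x00"
    b[8] = 0
    b[10:12] = b"\x00\x00"
    return bytes(b)

def ah_packet(src, dst, payload, spi=0x1001, seq=1):
    """IP + AH (12 fixed bytes, 12-byte ICV) + payload."""
    fixed = struct.pack("!BBHII", 6, 4, 0, spi, seq)   # next header 6 = TCP
    hdr = ip_header(src, dst, AH, len(fixed) + 12 + len(payload))
    tag = icv(ah_view(hdr) + fixed + bytes(12) + payload)
    return hdr + fixed + tag + payload

def esp_packet(src, dst, ciphertext, spi=0x2002, seq=1, udp_sport=None):
    """ESP body is SPI, sequence, opaque ciphertext, ICV. With udp_sport set,
    the body is wrapped in a UDP header (checksum 0)."""
    esp = struct.pack("!II", spi, seq) + ciphertext
    esp += icv(esp)                                    # covers ESP only
    if udp_sport is None:
        return ip_header(src, dst, ESP, len(esp)) + esp
    udp = struct.pack("!HHHH", udp_sport, NATT_PORT, 8 + len(esp), 0)
    return ip_header(src, dst, UDP, len(udp) + len(esp)) + udp + esp

def verify(pkt):
    """Receiver-side integrity check for any of the three packet shapes."""
    hdr, body = pkt[:20], pkt[20:]
    if hdr[9] == AH:
        fixed, tag, payload = body[:12], body[12:24], body[24:]
        return hmac.compare_digest(
            tag, icv(ah_view(hdr) + fixed + bytes(12) + payload))
    if hdr[9] == UDP:
        body = body[8:]                                # strip UDP wrapper
    return hmac.compare_digest(body[-12:], icv(body[:-12]))

def route(pkt):
    """Ordinary router hop: only TTL changes."""
    b = bytearray(pkt)
    b[8] -= 1
    return bytes(b)

def napt(pkt, public_ip, public_port):
    """Port-translating NAT hop. Returns (packet, has_port): has_port is False
    when the protocol carries no port the NAT could use to tell flows apart."""
    b = bytearray(route(pkt))
    b[12:16] = socket.inet_aton(public_ip)
    has_port = b[9] == UDP
    if has_port:
        b[20:22] = struct.pack("!H", public_port)
    return bytes(b), has_port

def survey():
    """Send one packet of each kind from a private host through the NAT."""
    src, dst, pub = "192.168.1.20", "203.0.113.9", "198.51.100.7"  # constructed
    data = b"constructed opaque payload"
    packets = {
        "AH": ah_packet(src, dst, data),
        "ESP": esp_packet(src, dst, data),
        "ESP-in-UDP": esp_packet(src, dst, data, udp_sport=NATT_PORT),
    }
    result = {}
    for name, pkt in packets.items():
        natted, has_port = napt(pkt, pub, 61001)
        result[name] = {"routed_ok": verify(route(pkt)),
                        "natted_ok": verify(natted), "nat_has_port": has_port}
    return result
```

In this model AH fails after the NAT because the source address is inside its ICV, while plain ESP still verifies but gives the NAT no port with which to separate several inside clients; the UDP wrapper supplies that port without touching the authenticated ESP bytes.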




--__--__--

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls


End of Firewalls Digest