RE: Cisco VPN Client..... [7:2865]

2001-05-03 Thread Charles Manafa

 -Original Message-
 From: Jason Roysdon [mailto:[EMAIL PROTECTED]]
 Sent: 02 May 2001 21:18
 To: [EMAIL PROTECTED]
 Subject: Re: Cisco VPN Client. [7:2865]
 
 
 And folks get protocols and tcp/udp ports confused.  It's not simply running
 on another port, but a different protocol (ESP).
 
... and IKE uses UDP port 500. A required protocol for automated key
exchange.

 --
 Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
 List email: [EMAIL PROTECTED]
 Homepage: http://jason.artoo.net/
 
 
 
 Chuck Larrieu wrote in message
 news:[EMAIL PROTECTED]...
  You should permit ip protocols 50 and 51 ( IPSec AH and ESP ) on the
  firewall.
 
 
 http://www.cisco.com/cgi-bin/Support/PSP/psp_view.pl?p=Hardware:PIXs=Softwa
  re_Configuration#Software_Samples_%26_Tips
  watch the word wrap
 
  you need a CCO login to get here, but there are a lot of configuration and
  troubleshooting examples
 
  HTH
 
  Chuck
 
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
  Greene, Patrick
  Sent: Wednesday, May 02, 2001 2:49 AM
  To: [EMAIL PROTECTED]
  Subject: Cisco VPN Client. [7:2865]
 
  Is there any way to force the Cisco VPN client to use port 80 for
  communications?  This would be used to get through firewalls allowing only
  port 80.
 
  Thank You,
  Patrick Greene CCNP,CCDP,MCSE,MCNE
  Information Technologies Enterprises
  Email:[EMAIL PROTECTED]
  Office:800-535-6544
  Mobile:704-953-6949
  Fax:704-896-5797
  URL: www.infotechent.net   and
  www.alwaysweb.com
 
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=3014t=2865



RE: Cisco VPN Client..... [7:2865]

2001-05-02 Thread Chuck Larrieu

You should permit ip protocols 50 and 51 ( IPSec AH and ESP ) on the
firewall.

http://www.cisco.com/cgi-bin/Support/PSP/psp_view.pl?p=Hardware:PIXs=Softwa
re_Configuration#Software_Samples_%26_Tips
watch the word wrap

you need a CCO login to get here, but there are a lot of configuration and
troubleshooting examples

HTH

Chuck


-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Greene, Patrick
Sent:   Wednesday, May 02, 2001 2:49 AM
To: [EMAIL PROTECTED]
Subject:Cisco VPN Client. [7:2865]

Is there any way to force the Cisco VPN client to use port 80 for
communications?  This would be used to get through firewalls allowing only
port 80.

Thank You,
Patrick Greene CCNP,CCDP,MCSE,MCNE
Information Technologies Enterprises
Email:[EMAIL PROTECTED]
Office:800-535-6544
Mobile:704-953-6949
Fax:704-896-5797
URL: www.infotechent.net   and
www.alwaysweb.com





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=2883t=2865



Re: Cisco VPN Client..... [7:2865]

2001-05-02 Thread Allen May

hehe...funny.  If you could it'd be a big time security hole!  Besides...it
requires 2 ports to work.  I think this was the subject of the April fools
RFC this year too.  Port 80 being used to run tunnels so you don't have to
bother with the network admin to get your job done.  ;)  I noticed that
PCAnywhere won't allow you to go down to port 80 either.

Allen May
- Original Message -
From: Greene, Patrick 
To: 
Sent: Wednesday, May 02, 2001 4:48 AM
Subject: Cisco VPN Client. [7:2865]


 Is there any way to force the Cisco VPN client to use port 80 for
 communications?  This would be used to get through firewalls allowing only
 port 80.

 Thank You,
 Patrick Greene CCNP,CCDP,MCSE,MCNE
 Information Technologies Enterprises
 Email:[EMAIL PROTECTED]
 Office:800-535-6544
 Mobile:704-953-6949
 Fax:704-896-5797
 URL: www.infotechent.net   and
 www.alwaysweb.com





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=2889t=2865



RE: Cisco VPN Client..... [7:2865]

2001-05-02 Thread Evans, TJ

Some remote control software  will allow you to
port-hop to a specific port ... but it is a major security risk :).



Thanks!
TJ

 -Original Message-
From:   Allen May [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, May 02, 2001 11:14
To: [EMAIL PROTECTED]
Subject:Re: Cisco VPN Client. [7:2865]

hehe...funny.  If you could it'd be a big time security hole!  Besides...it
requires 2 ports to work.  I think this was the subject of the April fools
RFC this year too.  Port 80 being used to run tunnels so you don't have to
bother with the network admin to get your job done.  ;)  I noticed that
PCAnywhere won't allow you to go down to port 80 either.

Allen May
- Original Message -
From: Greene, Patrick 
To: 
Sent: Wednesday, May 02, 2001 4:48 AM
Subject: Cisco VPN Client. [7:2865]


 Is there any way to force the Cisco VPN client to use port 80 for
 communications?  This would be used to get through firewalls allowing only
 port 80.

 Thank You,
 Patrick Greene CCNP,CCDP,MCSE,MCNE
 Information Technologies Enterprises
 Email:[EMAIL PROTECTED]
 Office:800-535-6544
 Mobile:704-953-6949
 Fax:704-896-5797
 URL: www.infotechent.net   and
 www.alwaysweb.com





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=2921t=2865



Re: Cisco VPN Client..... [7:2865]

2001-05-02 Thread Jason Roysdon

Depending on what you configure, you would require the first, and possibly
one or both of the latter:
Protocol 50 (ESP)
Protocol 51 (AH)
Protocol 17 (UDP) Port 500 (ISAKMP)

http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1700.html

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



Allen May wrote in message
news:[EMAIL PROTECTED]...
 hehe...funny.  If you could it'd be a big time security hole!  Besides...it
 requires 2 ports to work.  I think this was the subject of the April fools
 RFC this year too.  Port 80 being used to run tunnels so you don't have to
 bother with the network admin to get your job done.  ;)  I noticed that
 PCAnywhere won't allow you to go down to port 80 either.

 Allen May
 - Original Message -
 From: Greene, Patrick
 To:
 Sent: Wednesday, May 02, 2001 4:48 AM
 Subject: Cisco VPN Client. [7:2865]


  Is there any way to force the Cisco VPN client to use port 80 for
  communications?  This would be used to get through firewalls allowing only
  port 80.
 
  Thank You,
  Patrick Greene CCNP,CCDP,MCSE,MCNE
  Information Technologies Enterprises
  Email:[EMAIL PROTECTED]
  Office:800-535-6544
  Mobile:704-953-6949
  Fax:704-896-5797
  URL: www.infotechent.net   and
  www.alwaysweb.com
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=2942t=2865
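
The protocol-versus-port distinction drawn in this thread, as an added example (not code from any poster): a minimal IPv4 classifier showing that ESP and AH are IP protocols with no port field, so a TCP/80-only filter never matches them, while permits for the three items listed above do. The policy names, helper functions and sample packets are constructed for illustration.

```python
import struct

# Constructed policies as (ip_protocol, dst_port) pairs; a port of None means "any".
WEB_ONLY = [(6, 80)]                         # the "only port 80" firewall
IPSEC = [(17, 500), (50, None), (51, None)]  # ISAKMP, ESP, AH as listed above

def ipv4(proto, payload):
    """Build a constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return hdr + payload

def classify(packet):
    """Return (ip_protocol, dst_port); dst_port is None when the protocol has no ports."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                     # IP protocol field
    if proto in (6, 17) and len(packet) >= ihl + 4:
        return proto, struct.unpack("!HH", packet[ihl:ihl + 4])[1]
    return proto, None                    # ESP/AH begin with other fields, not ports

def permitted(packet, rules):
    """Permit on any matching rule, otherwise implicit deny."""
    proto, dport = classify(packet)
    return any(p == proto and (port is None or port == dport) for p, port in rules)

# Constructed sample packets. The ESP SPI is chosen so its low 16 bits are 0x0050
# (80): a filter that read "ports" without checking the protocol would see port 80.
SAMPLES = {
    "http": ipv4(6, struct.pack("!HH", 40000, 80) + bytes(16)),
    "ike":  ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0)),
    "esp":  ipv4(50, struct.pack("!II", 0x12340050, 1)),
    "ah":   ipv4(51, struct.pack("!BBHII", 4, 4, 0, 0x1000, 1) + bytes(12)),
}

def evaluate(rules):
    """Map each sample name to the filter decision under the given rules."""
    return {name: permitted(pkt, rules) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, rules in (("web-only", WEB_ONLY), ("ipsec", IPSEC)):
        print(label, evaluate(rules))
```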



Re: Cisco VPN Client..... [7:2865]

2001-05-02 Thread Jason Roysdon

And folks get protocols and tcp/udp ports confused.  It's not simply running
on another port, but a different protocol (ESP).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



Chuck Larrieu wrote in message
news:[EMAIL PROTECTED]...
 You should permit ip protocols 50 and 51 ( IPSec AH and ESP ) on the
 firewall.


http://www.cisco.com/cgi-bin/Support/PSP/psp_view.pl?p=Hardware:PIXs=Softwa
 re_Configuration#Software_Samples_%26_Tips
 watch the word wrap

 you need a CCO login to get here, but there are a lot of configuration and
 troubleshooting examples

 HTH

 Chuck


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 Greene, Patrick
 Sent: Wednesday, May 02, 2001 2:49 AM
 To: [EMAIL PROTECTED]
 Subject: Cisco VPN Client. [7:2865]

 Is there any way to force the Cisco VPN client to use port 80 for
 communications?  This would be used to get through firewalls allowing only
 port 80.

 Thank You,
 Patrick Greene CCNP,CCDP,MCSE,MCNE
 Information Technologies Enterprises
 Email:[EMAIL PROTECTED]
 Office:800-535-6544
 Mobile:704-953-6949
 Fax:704-896-5797
 URL: www.infotechent.net   and
 www.alwaysweb.com





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=2941t=2865



RE: Cisco VPN Client..... [7:2865]

2001-05-02 Thread Chuck Larrieu

Serves to remind that there are a series of questions one must ask, and
things one must understand, when implementing VPNs. In particular, the
applications being used, and their requirements. For example, suppose the
application is web based, and requires SSL. What needs be done on the
firewall? If that same application is only for the VPN client, and not for
public consumption, then what should or should not be considered? What is or
is not necessary? Why?

Chuck

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent:   Wednesday, May 02, 2001 1:18 PM
To: [EMAIL PROTECTED]
Subject:Re: Cisco VPN Client. [7:2865]

And folks get protocols and tcp/udp ports confused.  It's not simply running
on another port, but a different protocol (ESP).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



Chuck Larrieu wrote in message
news:[EMAIL PROTECTED]...
 You should permit ip protocols 50 and 51 ( IPSec AH and ESP ) on the
 firewall.


http://www.cisco.com/cgi-bin/Support/PSP/psp_view.pl?p=Hardware:PIXs=Softwa
 re_Configuration#Software_Samples_%26_Tips
 watch the word wrap

 you need a CCO login to get here, but there are a lot of configuration and
 troubleshooting examples

 HTH

 Chuck


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 Greene, Patrick
 Sent: Wednesday, May 02, 2001 2:49 AM
 To: [EMAIL PROTECTED]
 Subject: Cisco VPN Client. [7:2865]

 Is there any way to force the Cisco VPN client to use port 80 for
 communications?  This would be used to get through firewalls allowing only
 port 80.

 Thank You,
 Patrick Greene CCNP,CCDP,MCSE,MCNE
 Information Technologies Enterprises
 Email:[EMAIL PROTECTED]
 Office:800-535-6544
 Mobile:704-953-6949
 Fax:704-896-5797
 URL: www.infotechent.net   and
 www.alwaysweb.com





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=2953t=2865