RE: Access list to deny IPSEC on C1600

2001-03-12 Thread Hinds, Jarrett
If using Encryption (DES, 3DES) the following will work: ip access-list extended VPN permit esp host 10.1.1.1 host 10.1.2.1 permit udp host 10.1.1.1 host 10.1.2.1 eq isakmp If using on Authentication header only (MD5, SHA1) the following will work: ip access-list extended VPN permit ahp ho

RE: Access list to deny IPSEC on c1600

2001-03-12 Thread Damien Kelly
ED]] > Sent: Monday, March 12, 2001 3:15 PM > To: 'kevin smith'; [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: RE: Access list to deny IPSEC on c1600 > > I have the security specialization and have been doing security for the > last > 3 years. I have

RE: Access list to deny IPSEC on C1600

2001-03-12 Thread Rizzo Damian
Block ports 500(isakmp), 50(esp) and 51(ahp). -Original Message- From: Gil Shulman [mailto:[EMAIL PROTECTED]] Sent: Monday, March 12, 2001 6:37 AM To: 'Damien Kelly'; '[EMAIL PROTECTED]' Subject: RE: Access list to deny IPSEC on C1600 Hi, The IPSEC protoc

Re: Access list to deny IPSEC on c1600

2001-03-12 Thread Santosh Koshy
CTED]... > Get you facts straight before you send a message to the entire group > > > -Original Message- > > From: kevin smith [SMTP:[EMAIL PROTECTED]] > > Sent: Monday, March 12, 2001 2:45 PM > > To: [EMAIL PROTECTED] > > Cc: [EMAIL PROTECTED] > > Subject

RE: Access list to deny IPSEC on c1600

2001-03-12 Thread Christopher Larson
, March 12, 2001 9:45 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: Access list to deny IPSEC on c1600 i see you are not much of security p. because there is another term in sec for hash. so much for trying to help out and correct some mistake by fello lisp server users. that is it for

RE: Access list to deny IPSEC on c1600

2001-03-12 Thread Damien Kelly
Get you facts straight before you send a message to the entire group > -Original Message- > From: kevin smith [SMTP:[EMAIL PROTECTED]] > Sent: Monday, March 12, 2001 2:45 PM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: RE: Access list to deny IPS

RE: Access list to deny IPSEC on c1600

2001-03-12 Thread kevin smith
i see you are not much of security p. because there is another term in sec for hash. so much for trying to help out and correct some mistake by fello lisp server users. that is it for me no more helping out i wonder if everyone at orbicom is incooperative as u --

RE: Access list to deny IPSEC on c1600

2001-03-12 Thread kevin smith
i do not know what you been smoking but the udp is 500 for ipsec iskmp (or simply ike) you can verify simply checkin on your winx machine's port list. 50 and 51 is not related to ipsec port but they are protocols. of course related to ipsec. --- FREE!

RE: Access list to deny IPSEC on C1600

2001-03-12 Thread Gil Shulman
Hi, The IPSEC protocol uses UDP port 500. Gil -Original Message- From: Damien Kelly [mailto:[EMAIL PROTECTED]] Sent: ??? ??? 12 ??? 2001 12:33 To: '[EMAIL PROTECTED]' Subject: Access list to deny IPSEC on C1600 Hi All One of our office is on ISDN dialup and has

Access list to deny IPSEC on C1600

2001-03-12 Thread Damien Kelly
Hi All One of our office is on ISDN dialup and has a firewall behind it on the LAN, we have an issue with the line connecting to the ISP every min, 24 x 7, as you can imagine the ISDN bill is huge. We have determined the VPN link is cauing the dialup's. The Cisco is a 1603, I want to create a