Security Basics mailing list archives

Re: VPN Question


From: Schneider Sebastian <ses () straightliners de>
Date: Fri, 22 Aug 2003 23:28:08 +0200

If the IPSec protocol selected is ESP in tunnel mode everything should work 
out with NAT as long as the firewall at the co-worker's remote location 
doesn't block outbound traffic from port 500. Some paranoid people configure 
their firewalls to drop that traffic, however.

It is required to use port 500 for ISAKMP for it has been assigned by IANA and 
is described in RFC2408.

You can however contact the appropriate technical contact of that very 
location and ask her to open up that port for use with ISAKMP/VPN. Usually 
they just don't know.

For further questions feel free to send me an e-mail or give me a buzz.

Sebastian



On Friday 22 August 2003 22:48, you wrote:
Sebastian,

I believe it's ESP.

Jim


 -----Original Message-----
From:         Schneider Sebastian [mailto:ses () straightliners de]
Sent: Friday, August 22, 2003 4:46 PM
To:   Brezicky, Jim
Subject:      Re: VPN Question

IPSec in AH or ESP transport/tunnel mode?

Sebas

On Friday 22 August 2003 22:35, you wrote:
Sebastian,

We are using IPSec, it appears that Phase II of the authentication is
failing on UDP port 500.

Thanks,

Jim


 -----Original Message-----
From:       Schneider Sebastian [mailto:ses () straightliners de]
Sent:       Friday, August 22, 2003 4:22 PM
To: Jim Brezicky
Subject:    Re: VPN Question

Jim,

which protocol is being used to build up the VPN communications?

Sebastian

On Friday 22 August 2003 19:29, Jim Brezicky wrote:
Good afternoon all,

This posting is a little off track, but I'm hoping someone can help me
anyway.

I have a SonicWall Pro230 and I'm trying to do VPN with it. My users
connect from some locations and not others. Example: They could connect
from the Airport in Cincinnati, but not the airport in Las Vegas. Seems
they can't connect in many (if any) hotels. In speaking with SonicWall
they said this is a known issue when connecting through a firewall on
the hotel side.

I know I'm not the first company to try this, and was wondering how
others get by this issue? Or is this an inherent SonicWall issue?

Most of my users are traveling Sales people, and will go all around the
US, and Japan.

Any insight would be GREATLY appreciated.

Thanks,

Jim Brezicky
InfiMed Inc

--

Sebastian Schneider
straightLiners IT Consulting & Services
Metzer Str. 12
13595 Berlin
Germany

Phone: +49-30-3510-6168
Fax: +49-30-3510-6169

This E-Mail may contain confidential and/or privileged information.
If you are not the intended recipient (or have received this E-Mail
in error) please notify the sender immediately and destroy this E-Mail.
Any unauthorized copying, disclosure or distribution of the material
in this E-Mail is strictly forbidden.
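
Added example, not part of the original thread: a small Python decoder for the fixed ISAKMP header described in RFC 2408, which shows from captured UDP port 500 payloads whether the Phase 1 and Phase 2 messages are being answered. The sample packets, cookies and message ID are constructed, the helper names are hypothetical, and the Quick Mode exchange type 32 is taken from RFC 2409.

```python
import struct

# Fixed ISAKMP header (RFC 2408): two 8-byte cookies, next payload, version,
# exchange type, flags, message ID, total length = 28 bytes, network order.
HEADER = struct.Struct("!8s8sBBBBII")
# Exchange types 2, 4, 5 are from RFC 2408; 32 (Quick Mode) is from RFC 2409.
EXCHANGES = {2: ("Main Mode", 1), 4: ("Aggressive Mode", 1),
             5: ("Informational", None), 32: ("Quick Mode", 2)}

def parse_isakmp(payload: bytes) -> dict:
    """Decode the fixed header of one UDP/500 payload."""
    if len(payload) < HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    _icky, rcky, _np, ver, xchg, flags, msg_id, length = HEADER.unpack_from(payload)
    if length < HEADER.size:
        raise ValueError("length field smaller than the header")
    name, phase = EXCHANGES.get(xchg, (f"unknown({xchg})", None))
    return {"exchange": name, "phase": phase,
            "version": f"{ver >> 4}.{ver & 0x0F}",
            "encrypted": bool(flags & 0x01),        # E flag: payloads encrypted
            "message_id": msg_id,                   # 0 during Phase 1
            "responder_cookie_set": rcky != bytes(8),
            "truncated": length > len(payload)}     # datagram cut short in transit

def answered_phases(packets) -> dict:
    """packets: iterable of (direction, payload), direction 'out' or 'in'.
    Returns {phase: bool}: was any reply received for that phase?"""
    seen = {}
    for direction, payload in packets:
        phase = parse_isakmp(payload)["phase"]
        if phase is not None:
            seen[phase] = seen.get(phase, False) or direction == "in"
    return seen

def _pkt(xchg, msg_id, flags=0, rcookie=bytes(8), body=b"\x00" * 8):
    """Build a constructed sample packet: header plus a dummy 8-byte body."""
    return HEADER.pack(b"\x11" * 8, rcookie, 0, 0x10, xchg, flags, msg_id,
                       HEADER.size + len(body)) + body

# Constructed capture from a client behind NAT: Phase 1 is answered, the
# Quick Mode (Phase 2) message is retransmitted and never answered.
SAMPLE = [("out", _pkt(2, 0)),
          ("in", _pkt(2, 0, rcookie=b"\x22" * 8)),
          ("out", _pkt(32, 0xA1B2C3D4, flags=1, rcookie=b"\x22" * 8)),
          ("out", _pkt(32, 0xA1B2C3D4, flags=1, rcookie=b"\x22" * 8))]

if __name__ == "__main__":
    for direction, raw in SAMPLE:
        print(direction, parse_isakmp(raw))
    print(answered_phases(SAMPLE))
```
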



