Firewall Wizards mailing list archives
Tool for testing filters?
From: "Fernando da Silveira Montenegro" <montenegro () nutec com br>
Date: Mon, 12 Jan 1998 16:08:06 -0200
Hi everyone! Typical scenario: customer wants client PC with VPN software (EagleMobile in this case, but can be generalized) through his local ISP all the way to the corporate site, through some other ISP. Does anybody know of a good tool we can use to check if the path from the local ISP to the corporate firewall) is clear of packet filters that would block VPN traffic (TCP/1723, TCP/420, SWIPE, IPSEC, GRE, ...)? I thought perhaps a modified traceroute might work for the TCP connection status (on getting anything different than ICMP TTL exceeded, such as TCP RST, TCP SYN or timeout, you got to someone discarding traffic, or you got to the firewall and your problem is something else) but I don't know about the different IP packet types. Does ICMP hold for them as well? We keep hitting into this problem on implementing VPNs for customers. We end up having to check every ISP in the path, and we all know the pain it is to explain the situation to every admin, and those delays keep adding up... If no one has this running, I'll give it a shot (modify traceroute). Otherwise, any pointers? Thanks in advance! Regards, Fernando -- Fernando da Silveira Montenegro NutecNet Servicos Corporativos System/Network Consultant Sao Paulo, SP, BRAZIL mailto:montenegro () nutec com br http://www.nutecnet.com.br voice.:+55-11-5505-5728 #include <disclaimer.h>
Current thread:
- Tool for testing filters? Fernando da Silveira Montenegro (Jan 12)
- Re: Tool for testing filters? Chris Brenton (Jan 13)
- Re: Tool for testing filters? myles (Jan 14)
- <Possible follow-ups>
- Re: Tool for testing filters? Fernando da Silveira Montenegro (Jan 13)
- Re: Tool for testing filters? Chris Brenton (Jan 13)