Nmap Development mailing list archives

Re: Not able Work with VPN connection.


From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Thu, 28 May 2009 15:44:13 +0100

On Wed, May 27, 2009 at 11:31 PM, Brandon Enright <> wrote:

> For curiosity's sake, what happens if you make a static ARP entry for
> the target IP with your VPN adaptor's MAC?  If this helps we might think
> about adding a --dest-mac <mac> option.
>
> Brandon

I tried this out.  I have attached the results.

Here is a rundown of what I did.

First, I connected to the VPN using the Network Connect Juniper VPN client.

I ran a regular 'ping' against the target IP.  It was successful.

I ran an nmap ping scan against the target IP.  It failed like this.
SENT (1.5000s) ARP who-has {VPN_Client_IP} tell {VPN_Client_IP}
nexthost: Failed to determine dst MAC address for target {Target_System_IP}
QUITTING!

I created a static arp entry for the target IP using the MAC of the VPN client.

I ran an nmap ping scan against the target IP.  It failed in the same
way like this.
SENT (0.7350s) ARP who-has {VPN_Client_IP} tell {VPN_Client_IP}
nexthost: Failed to determine dst MAC address for target {Target_System_IP}
QUITTING!

I deleted the static arp entry for the target IP.

I created a static arp entry for the VPN client IP using the MAC of
the VPN client.

I ran an nmap ping scan against the target IP.  It failed in a new and
different way like this.
Host {Target_System_IP} is down.
No data files read.
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.55 seconds
           Raw packets sent: 4 (136B) | Rcvd: 0 (0B)

The attachment has all of the output with sanitized IP addresses.

Thanks.

-Jason

Attachment: nmap-via-vpn-01.txt