Security Basics mailing list archives
RE: Cisco Workaround
From: "Paul Benedek" <paul.benedek () excis co uk>
Date: Thu, 31 Jul 2003 20:59:37 +0100
Hi Adam,

This sounds like an interesting problem. Please could you send details of the cheat sheet and the versions of IOS that you upgraded to?

My thoughts are that you may have created an access list that denied the protocols needed for your VPN tunnel, these being IKE and IPSEC. With access lists you need to be specific after you create them, otherwise they will implicitly deny traffic.

Once I have seen the cheat sheet, I can advise you of what may work.

Regards,

Paul Benedek
Director
Excis Networks Limited
http://www.excis.co.uk

-----Original Message-----
From: Adam Overlin [mailto:adam.overlin () content-mgmt com]
Sent: 31 July 2003 17:59
To: security-basics () securityfocus com
Subject: RE: Cisco Workaround

I just joined this list so I haven't seen the whole thread on this issue, thus my company's particular issue may have been discussed already, but I thought I would see if I could get some help anyway.

Background: We have a Cisco 827 router and a PIX 506e locally. Router being in front of the PIX. We also have a co-location facility that we are connected via a constant VPN tunnel. There we have a PIX 515e. The two pixes are what control the VPN/encryption.

Issue: The pixes don't run IOS so we didn't have to worry about upgrading those. However, the router does. So we upgraded the router to the latest version. Everything worked ok, except the VPN tunnel. That got knocked out. Keep in mind that I am no Cisco expert. I did the upgrade with the help of a *cheat* sheet that Cisco sent us. All I did was copy the information. I didn't really understand what I was actually typing into the console (we have another network consultant that is responsible for the "understanding" part, although he didn't know why it wasn't working either). :) So after a little messing around we reverted back to the old IOS and everything was peachy. A couple days later they sent us another version to upgrade with and that did the same thing. Needless to say, we are still upgradeless.

If there are any suggestions out there, I would really appreciate it. If I didn't give enough info, please let me know, and I will get you whatever you need (within my power of course).

Thanks in advance,
Adam
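The implicit-deny behaviour raised in the reply above, as an added illustration that is not part of the original thread and not the configuration from either network. It is a simplified first-match ACL model in Python; the addresses, the two ACLs and the sample packets are constructed, and the only protocol facts assumed are that IKE uses UDP port 500 and ESP is IP protocol 50.

```python
import ipaddress

# Constructed addresses (documentation ranges), not taken from the thread.
LOCAL_PIX, REMOTE_PIX = "203.0.113.10", "198.51.100.10"
ANY = "0.0.0.0/0"

def rule(action, proto, src, dst, dport=None):
    """One ACL entry; proto 'ip' matches any protocol, dport None matches any port."""
    return (action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport)

def evaluate(acl, pkt):
    """First matching entry wins; a packet matching no entry hits the implicit deny."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    for action, proto, src_net, dst_net, dport in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if src not in src_net or dst not in dst_net:
            continue
        if dport is not None and dport != pkt.get("dport"):
            continue
        return action
    return "implicit deny"

# Inbound traffic the router sees for a PIX-to-PIX tunnel, plus ordinary web traffic.
PACKETS = {
    "IKE (UDP/500)": {"proto": "udp", "src": REMOTE_PIX, "dst": LOCAL_PIX, "dport": 500},
    "ESP (IP protocol 50)": {"proto": "esp", "src": REMOTE_PIX, "dst": LOCAL_PIX},
    "HTTP (TCP/80)": {"proto": "tcp", "src": "192.0.2.55", "dst": LOCAL_PIX, "dport": 80},
}

# ACL that names only TCP services: nothing mentions the tunnel.
ACL_BEFORE = [
    rule("permit", "tcp", ANY, LOCAL_PIX + "/32", 80),
    rule("permit", "tcp", ANY, LOCAL_PIX + "/32", 25),
]
# Same ACL with the tunnel protocols permitted between the two peers only.
ACL_AFTER = [
    rule("permit", "udp", REMOTE_PIX + "/32", LOCAL_PIX + "/32", 500),
    rule("permit", "esp", REMOTE_PIX + "/32", LOCAL_PIX + "/32"),
] + ACL_BEFORE

def verdicts(acl):
    """Map each sample packet to the ACL's decision."""
    return {name: evaluate(acl, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("before", ACL_BEFORE), ("after", ACL_AFTER)):
        print(label, verdicts(acl))
```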