Penetration Testing mailing list archives

RE: VPN protocols


From: "John Forristel (SunGard-Chico)" <John.Forristel () sungardbi-tech com>
Date: Wed, 22 Dec 2004 09:04:16 -0800

GRE and ESP are protocols, not ports, so they are transported through on
configured ports.  In Cisco, you permit gre and esp through for the VPN
traffic.

In a conduit statement:

conduit permit esp any any
conduit permit esp any any

notice that there is no tcp, udp, or ip in the permit statement.

I've noticed that, on some firewalls, it is buried deep in the bowels of
the config, and has timeouts set to drop the protocol after so many
minutes.
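To make the point above concrete, here is an added example (written for this page, not code from the original post or from Cisco): a tiny first-match rule evaluator run over constructed IPv4 packets. It shows that a rule such as "permit udp any any eq 500" lets ISAKMP through but never matches ESP or GRE, because those are selected by the IP header's protocol field (ESP is IP protocol 50, GRE is 47) and carry no port numbers at all. The rule grammar, the sample addresses and the packet contents are assumptions for the example; the grammar is a simplified "permit|deny proto src dst [eq port]" form and is not the full PIX conduit syntax.

```python
"""Constructed example, not from the original post: a tiny first-match ACL
matcher showing that GRE (IP protocol 47) and ESP (IP protocol 50) are selected
by the IP header's protocol field, not by a TCP/UDP port."""
import socket
import struct
from dataclasses import dataclass
from typing import List, Optional

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE, IPPROTO_ESP = 6, 17, 47, 50   # IANA numbers
PROTO_BY_NAME = {"tcp": IPPROTO_TCP, "udp": IPPROTO_UDP, "gre": IPPROTO_GRE, "esp": IPPROTO_ESP}

def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options, checksum left zero) in front of payload.
    Byte 9 is the protocol field that a 'permit esp' / 'permit gre' rule matches."""
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

@dataclass
class Packet:
    proto: int
    src: str
    dst: str
    sport: Optional[int]   # None when the protocol has no port concept
    dport: Optional[int]

def parse_ipv4(raw: bytes) -> Packet:
    ihl = (raw[0] & 0x0F) * 4
    proto = raw[9]
    src, dst = socket.inet_ntoa(raw[12:16]), socket.inet_ntoa(raw[16:20])
    l4 = raw[ihl:]
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        return Packet(proto, src, dst, sport, dport)
    # GRE and ESP: the bytes after the IP header are a GRE header or an ESP SPI,
    # not port numbers, so there is nothing for an 'eq <port>' clause to match.
    return Packet(proto, src, dst, None, None)

@dataclass
class Rule:
    action: str            # "permit" or "deny"
    proto: Optional[int]   # None means the 'ip' keyword: any protocol
    src: str
    dst: str
    dport: Optional[int]

def parse_rule(text: str) -> Rule:
    """Simplified grammar assumed for this example (not the full PIX syntax):
       permit|deny <ip|tcp|udp|gre|esp> <src|any> <dst|any> [eq <dport>]"""
    tok = text.split()
    action, proto, src, dst = tok[0], tok[1], tok[2], tok[3]
    dport = int(tok[5]) if len(tok) > 5 and tok[4] == "eq" else None
    if proto != "ip" and proto not in PROTO_BY_NAME:
        raise ValueError(f"unknown protocol keyword {proto!r}")
    if dport is not None and proto not in ("tcp", "udp"):
        raise ValueError("'eq <port>' only makes sense for tcp or udp")
    return Rule(action, None if proto == "ip" else PROTO_BY_NAME[proto], src, dst, dport)

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.src != "any" and rule.src != pkt.src:
        return False
    if rule.dst != "any" and rule.dst != pkt.dst:
        return False
    return rule.dport is None or pkt.dport == rule.dport

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; an implicit deny closes the list, as on a firewall."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed traffic between two VPN gateways (addresses from the documentation ranges).
GW_A, GW_B = "203.0.113.5", "198.51.100.9"
ISAKMP = parse_ipv4(build_ipv4(IPPROTO_UDP, GW_A, GW_B, struct.pack("!HH", 500, 500) + b"\0" * 24))
ESP = parse_ipv4(build_ipv4(IPPROTO_ESP, GW_A, GW_B, struct.pack("!II", 0x1234ABCD, 1) + b"\0" * 16))
GRE = parse_ipv4(build_ipv4(IPPROTO_GRE, GW_A, GW_B, struct.pack("!HH", 0, 0x0800) + b"\0" * 20))

def demo() -> dict:
    port_only = [parse_rule("permit udp any any eq 500")]           # lets IKE through
    with_protocols = port_only + [parse_rule("permit esp any any"),  # ...and the tunnels
                                  parse_rule("permit gre any any")]
    return {
        "esp_has_ports": ESP.dport is not None,
        "isakmp_port_only": evaluate(port_only, ISAKMP),
        "esp_port_only": evaluate(port_only, ESP),
        "esp_with_protocols": evaluate(with_protocols, ESP),
        "gre_with_protocols": evaluate(with_protocols, GRE),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running demo() shows the ISAKMP packet permitted by the port rule alone while the ESP packet is dropped by the implicit deny until a protocol-level "permit esp any any" is added, which is the misconfiguration behind many "phase 1 completes but no traffic flows" VPN tickets. The one case where ESP does appear on a UDP port is NAT traversal, where ESP is wrapped in UDP 4500 (RFC 3948); that is a separate rule, not a substitute for permitting protocol 50.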