Penetration Testing mailing list archives
RE: VPN protocols
From: "John Forristel (SunGard-Chico)" <John.Forristel () sungardbi-tech com>
Date: Wed, 22 Dec 2004 09:04:16 -0800
GRE and ESP are protocols, not ports, so they are transported through on configured ports. In Cisco, you permit gre and esp through for the VPN traffic. In a conduit statement:

    conduit permit gre any any
    conduit permit esp any any

Notice that there is no tcp, udp, or ip in the permit statement. I've noticed that, on some firewalls, it is buried deep in the bowels of the config, and has timeouts set to drop the protocol after so many minutes.
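Added example, not part of the original post: a Python sketch of what a packet filter can match on for each kind of VPN packet, showing why a rule for GRE (IP protocol 47) or ESP (IP protocol 50) carries no port. The sample packets, addresses, and the PPTP/IKE labels are constructed for illustration.

```python
import struct

# IANA IP protocol numbers: the value a "permit gre" / "permit esp" rule matches on.
PROTO_NAMES = {6: "tcp", 17: "udp", 47: "gre", 50: "esp"}

def describe(packet: bytes) -> dict:
    """Return the fields a packet filter can match on for one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                         # IP protocol field
    payload = packet[ihl:]
    info = {"proto": PROTO_NAMES.get(proto, str(proto))}
    if proto in (6, 17) and len(payload) >= 4:
        # TCP and UDP both start with source and destination port.
        info["sport"], info["dport"] = struct.unpack("!HH", payload[:4])
    elif proto == 47 and len(payload) >= 4:
        # GRE starts with flags/version and an encapsulated protocol type.
        flags, ptype = struct.unpack("!HH", payload[:4])
        info["gre_version"] = flags & 0x7
        info["gre_protocol_type"] = hex(ptype)
    elif proto == 50 and len(payload) >= 8:
        # ESP starts with a Security Parameters Index and a sequence number.
        info["spi"], info["seq"] = struct.unpack("!II", payload[:8])
    return info

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal constructed IPv4 packet (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, bytes([192, 0, 2, 1]),
                         bytes([198, 51, 100, 2]))
    return header + payload

# Constructed samples: control channels use ports, data channels do not.
SAMPLES = {
    "pptp_control": ipv4(6, struct.pack("!HH", 40000, 1723) + bytes(16)),
    "ike": ipv4(17, struct.pack("!HH", 500, 500) + bytes(4)),
    "pptp_data": ipv4(47, struct.pack("!HH", 0x3001, 0x880B) + bytes(4)),
    "ipsec_data": ipv4(50, struct.pack("!II", 0x1000, 1) + bytes(8)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13} {describe(pkt)}")
```

A filter that only understands tcp and udp rules has nothing to match in the last two samples, which is why the tunnel's data packets are dropped while its control channel connects.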