Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Cisco VPN Client Behind Firewall

from [Volker Tanger] Network Security [Permanent Link]
Subject: Re: Cisco VPN Client Behind Firewall
Date: Tue, 20 Dec 2005 21:00:30 +0100 
On Mon, 19 Dec 2005 13:37:34 -0600
"Richard St John" <Richard.StJohn@gbe.com> wrote:


We recently rolled out a remote access tool that requires the Cisco
VPN Client.

It is working all over the world with no issues.....except for some
personnel we have on vendor/customer sites which are behind another
companies corporate firewall.


Ask your cisco admin how your client/access system is configured for NAT
traversal as company firewalls usually don't know/allow transparent
IPSec-forwarding (and rightfully so).

Then (try to) have the two ports for IKE and NAT-T (UDP-encapsulation)
allowed outbound. Or (for routers) IKE and AH/ESP IP-types. These
changes are the same for all firewall brands. 

But as there is inherent danger in DAU-performed (even if probably only
loose) network coupling VPN traffic usually is not allowed through
properly managed firewalls. 

If you ever might have gotten a management permission for uncontrolled
network coupling done by users the FW admin should know how to enable
the requirements your cisco admin told you. There are waaay too many
variables to squeeze that problem into a DAU-safe cooking reciepe.

Bye

Volker


-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@wyae.de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Delete User in CheckPoint 4.1, Pablo Hauser
Next by Date:  RE: Firewall the movie, Anthony Cicalla
Previous by Thread:  SV: Cisco VPN Client Behind Firewall, Jan Nielsen
Next by Thread:  RE: Cisco VPN Client Behind Firewall, Meidinger Chris
Indexes:  [Date] [Thread] [Top] [All Lists]