Network Security Firewalls

SV: Cisco VPN Client Behind Firewall

Subject: SV: Cisco VPN Client Behind Firewall
Date: Wed, 21 Dec 2005 21:53:53 +0100
Sorry, that website does not exist... Instead, I think you need to make your solution more flexible, say with the Cisco SSL VPN Client for the VPN 3000 series. This software tunnels everything like you would be used to with a Cisco client, but it uses SSL (tcp/443) as its crypto/transport, with a much better chance of getting a connection from behind most firewalls, since this is open in most corporate environments due to banking and e-trading requirements.

If your VPN device is an ASA/PIX 7.0 you could enable TCP encapsulation on port 443, but you would still need port 500 UDP for key exchange/negotiations. The SSL tunnel client will be supported on the ASA in a future release.

Find out more about Cisco SSL VPN here:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_qanda_item09186a0080553209.shtml

Regards,
Jan
 

-----Original message-----
From: boyakash@cp.goodydomains.com [mailto:boyakash@cp.goodydomains.com] On behalf of Richard St John
Sent: 21 December 2005 14:12
To: firewalls@securityfocus.com; vtlists@wyae.de
Subject: Re: Cisco VPN Client Behind Firewall

Thanks for all the information.

I guess I should clarify. I have no issues passing it through my own firewall and have done so in our testing. Analysis of the traffic from our VPN clients shows:

UDP 10000 {source and destination port}
UDP 500 {source and destination port}
UDP 62515
UDP 4500  {source and destination port}

The traffic is slightly different when we use iPass {3rd party connectivity client} versus just the Cisco VPN.

The issue is when we have our personnel onsite at another company {vendor/customer} and THEIR IT personnel want to know how to pass the traffic through their XYZ firewall. Unfortunately, not all of the companies we deal with have the sharpest personnel.

I was hoping that there was a web site that I could point these people to and say, "Here is a website that shows you how to change your XYZ firewall to allow the Cisco VPN." I have to be concerned that if I tell a company how to modify their own security posture and they make a mistake, my company is not liable.

RS
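The flows Richard lists above and Jan's point that only TCP 443 is usually open outbound can be turned into a quick egress-policy check. This is an added example, not code from the thread or from Cisco; the client profiles, the Cisco-ACL-style rule text and the sample "web-only" policy are assumptions built from the ports named in the messages.

```python
# Added example: does a site's outbound firewall policy permit the flows a
# given Cisco VPN client type needs? Ports are the ones named in the thread;
# purposes are the standard IPsec/SSL roles for those ports (assumption).
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str      # "udp" or "tcp"
    dst_port: int
    purpose: str


# UDP 62515 from the capture is not modelled: the thread does not say what it is for.
CLIENT_PROFILES = {
    "cisco-ipsec-client": (
        Flow("udp", 500, "IKE key exchange"),
        Flow("udp", 4500, "IPsec NAT-T"),
        Flow("udp", 10000, "Cisco IPsec over UDP encapsulation"),
    ),
    "cisco-ssl-vpn-client": (
        Flow("tcp", 443, "SSL/TLS tunnel"),
    ),
}


def blocked_flows(policy, profile):
    """Flows of `profile` that `policy` (a set of (proto, dst_port) pairs
    allowed outbound) does not permit. An empty list means the client works."""
    return [f for f in CLIENT_PROFILES[profile]
            if (f.proto, f.dst_port) not in policy]


def rules_to_add(policy, profile):
    """Cisco-ACL-style allow lines the site admin would need (illustrative format)."""
    return [f"permit {f.proto} any any eq {f.dst_port}  ! {f.purpose}"
            for f in blocked_flows(policy, profile)]


# Constructed sample: a locked-down corporate egress policy that only allows
# web browsing, the situation Jan describes.
WEB_ONLY_EGRESS = {("tcp", 80), ("tcp", 443)}

if __name__ == "__main__":
    for name in CLIENT_PROFILES:
        missing = rules_to_add(WEB_ONLY_EGRESS, name)
        print(name, "OK" if not missing else "blocked, needs:\n  " + "\n  ".join(missing))
```

Run against the sample policy, the SSL VPN client passes and the IPsec client is reported as needing UDP 500, 4500 and 10000 opened, which is exactly the trade-off the reply above describes.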



