Message-ID: <407158A0.4080204@comsquared.com>
From: dgianndrea at comsquared.com (David Gianndrea)
Subject: MSN\Qwest ships DSL modem with "unconfigurable" firewall
Look up NAT-T @ cisco.com. That should help ya!
Volker Tanger wrote:
> Greetings!
>
> On Fri, 2 Apr 2004 10:19:59 -0700 James Lay <jlay@...riben.com> wrote:
>
>
>>Real quick...just implemented a Cisco VPN concentrator here and lo and
>>behold certain users couldn't get in. The concentrator is setup with
>>the standard UDP port 500. All users BESIDES MSN\Qwest DSL users
>>could get right on. After a few calls and some frustration, Qwest
>>informed us that the firewall on the DSL router they ship is
>>"unconfigurable"
>
>
>
> That is because you'll need AH/ESP (== IP type 50/51) in addition to
> IKE, if you want to implement IPSec VPN.
>
> Most el-cheapo routers only support
> ICMP (== IP type 1)
> TCP (== IP type 6)
> and UDP (== IP type 17)
>
> Thus you'd need an encapsulation of ESP traffic like the soft-VPN
> clients of Nortel and CheckPoint offer (probably just because of this
> problem). Or you'd have to have a router that really supports
> "IPSec-Forwarding" (i.e. blind forwarding of IP types 50+51 to a
> specific IP to be configured in the router). Data sheets don't always
> tell the truth here, so you really should verify before rollout...
>
> Qapla'
>
> Volker Tanger
> ITK Security
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.
Email: dgianndrea@...squared.com
Web: www.comsquared.com
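Added example, not part of this thread and not code from either poster or from Cisco: a small Python classifier that shows what the quoted explanation means on the wire. It builds a few constructed IPv4 packets (documentation addresses 192.0.2.10 and 198.51.100.1, made-up SPIs) and asks of each whether a NAT box that only understands ICMP, TCP and UDP (IP protocols 1, 6, 17) would be able to forward it. Raw ESP and AH (IP protocols 50 and 51) have no ports and fail that test; IKE on UDP/500 and NAT-T traffic on UDP/4500 (RFC 3948 framing: ESP inside UDP, a four-zero-byte non-ESP marker before IKE, a single 0xFF byte as keepalive) pass, which is why the "look up NAT-T" answer resolves the original problem. The `audit()` helper is the part a network engineer would point at a capture before rollout to see which flows a minimal consumer router would silently drop.

```python
import struct
from dataclasses import dataclass

# IANA IPv4 protocol numbers named in the thread, plus the IKE / NAT-T ports.
PROTO_ICMP, PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 1, 6, 17, 50, 51
PROTO_NAMES = {PROTO_ICMP: "ICMP", PROTO_TCP: "TCP", PROTO_UDP: "UDP",
               PROTO_ESP: "ESP", PROTO_AH: "AH"}
IKE_PORT, NAT_T_PORT = 500, 4500
# Assumption (from the thread): the minimal consumer NAT box forwards only these.
CHEAP_NAT_PROTOS = {PROTO_ICMP, PROTO_TCP, PROTO_UDP}


@dataclass
class Verdict:
    proto: str              # IP protocol name
    kind: str               # ike, esp, ah, nat-t-esp, nat-t-ike, nat-t-keepalive, other
    passes_cheap_nat: bool  # True if the box only has to understand ICMP/TCP/UDP


def _checksum(data: bytes) -> int:
    """Ones'-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(proto: int, payload: bytes,
               src: str = "192.0.2.10", dst: str = "198.51.100.1") -> bytes:
    """Minimal IPv4 packet (constructed test data; documentation addresses)."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                      64, proto, 0, src_b, dst_b)
    hdr = hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_udp(sport: int, dport: int, payload: bytes) -> bytes:
    """UDP header; checksum left at 0, which IPv4 permits."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def classify(packet: bytes) -> Verdict:
    """How does this packet look to a NAT that knows only ICMP/TCP/UDP?"""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    body = packet[ihl:]
    name = PROTO_NAMES.get(proto, "IP proto %d" % proto)

    if proto == PROTO_ESP:
        return Verdict(name, "esp", False)   # no ports to translate: dropped
    if proto == PROTO_AH:
        return Verdict(name, "ah", False)
    if proto == PROTO_UDP:
        sport, dport = struct.unpack("!HH", body[:4])
        data = body[8:]
        if IKE_PORT in (sport, dport):
            return Verdict(name, "ike", True)
        if NAT_T_PORT in (sport, dport):
            # RFC 3948 framing on UDP/4500: a lone 0xFF is a NAT keepalive,
            # four zero bytes (non-ESP marker) precede IKE, anything else is
            # an ESP header (non-zero SPI) carried inside UDP.
            if data == b"\xff":
                return Verdict(name, "nat-t-keepalive", True)
            if data[:4] == b"\x00\x00\x00\x00":
                return Verdict(name, "nat-t-ike", True)
            return Verdict(name, "nat-t-esp", True)
        return Verdict(name, "other", True)
    return Verdict(name, "other", proto in CHEAP_NAT_PROTOS)


def audit(packets):
    """(kind, passes_cheap_nat) per packet; False marks flows the
    'unconfigurable' box from the thread would silently drop."""
    return [(v.kind, v.passes_cheap_nat) for v in (classify(p) for p in packets)]


# Constructed sample traffic from a remote-access client behind the DSL box.
ESP_HDR = struct.pack("!II", 0x0000A1B2, 1) + b"\x00" * 16   # SPI, seq, opaque body
SAMPLE = [
    build_ipv4(PROTO_UDP, build_udp(500, 500, b"\x00" * 28)),                  # IKE
    build_ipv4(PROTO_ESP, ESP_HDR),                                             # raw ESP
    build_ipv4(PROTO_AH, b"\x32\x04\x00\x00" + b"\x00" * 20),                  # raw AH
    build_ipv4(PROTO_UDP, build_udp(4500, 4500, b"\x00" * 4 + b"\x00" * 28)),  # IKE via NAT-T
    build_ipv4(PROTO_UDP, build_udp(4500, 4500, ESP_HDR)),                      # ESP in UDP
    build_ipv4(PROTO_UDP, build_udp(4500, 4500, b"\xff")),                      # NAT keepalive
]

if __name__ == "__main__":
    for kind, ok in audit(SAMPLE):
        print("%-16s %s" % (kind, "forwarded" if ok else "DROPPED by ICMP/TCP/UDP-only NAT"))
```

Run as a script it prints one line per sample packet; the two `DROPPED` lines are exactly the raw ESP and AH packets the quoted message says a cheap router cannot pass, while the same ESP header wrapped in UDP/4500 is just another UDP flow to that router. The "passes" verdict is only about whether the box can translate the packet at all; a vendor firewall may still block UDP/4500 by policy, which is the data-sheet caveat the quoted reply raises.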