[fw-wiz] PIX VPN -- setting encryption to 'none' for debugging

From: Dave Owens (dowens@iquest.net)
Date: 03/05/03

Next message: Dave Rinker: "Re: [fw-wiz] PIX Logging Analysis"

Previous message: Paul Stewart: "[fw-wiz] PIX Logging Analysis"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
From: Dave Owens <dowens@iquest.net>
Date: Wed, 05 Mar 2003 13:55:36 -0500

Hi All,

I have a working VPN from a Sidewinder (my end) to a PIX. By "working"
I mean that ip-proto-50 traffic is being passed, so there seems to be a
good SA. However, the telnet session I'm attempting through the VPN never
has worked. There's some NAT going on at the other end, so there's some
possible problem areas.

The packets coming back to the Sidewinder never make it to the client
application. To debug this thing, I'd like to be able to see the
unencrypted packets as they're returned. On the Sidewinder I can select
"none" for the IPSec Crypto Algorithm, but the folks on the PIX end of the
VPN don't seem to think that option is available. My own research led me
to some PIX commands that consisted of 'crypto ipsec' and 'null', which was
changed on both ends of the VPN, but that didn't make the packets
readable. The Sidewinder folks tell me that the encryption must be set to
'none'.

Does anyone know how to set encryption to 'none' on a PIX, or have any
other suggestions for figuring this think out?

Thanks,

Dave
dowens@iquest.net

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Dave Rinker: "Re: [fw-wiz] PIX Logging Analysis"

Previous message: Paul Stewart: "[fw-wiz] PIX Logging Analysis"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]