[fw-wiz] PIX VPN -- setting encryption to 'none' for debugging
From: Dave Owens (email@example.com)
To: firstname.lastname@example.org From: Dave Owens <email@example.com> Date: Wed, 05 Mar 2003 13:55:36 -0500
I have a working VPN from a Sidewinder (my end) to a PIX. By "working"
I mean that ip-proto-50 traffic is being passed, so there seems to be a
good SA. However, the telnet session I'm attempting through the VPN never
has worked. There's some NAT going on at the other end, so there's some
possible problem areas.
The packets coming back to the Sidewinder never make it to the client
application. To debug this thing, I'd like to be able to see the
unencrypted packets as they're returned. On the Sidewinder I can select
"none" for the IPSec Crypto Algorithm, but the folks on the PIX end of the
VPN don't seem to think that option is available. My own research led me
to some PIX commands that consisted of 'crypto ipsec' and 'null', which was
changed on both ends of the VPN, but that didn't make the packets
readable. The Sidewinder folks tell me that the encryption must be set to
Does anyone know how to set encryption to 'none' on a PIX, or have any
other suggestions for figuring this think out?
firewall-wizards mailing list