[fw-wiz] PIX VPN -- setting encryption to 'none' for debugging

From: Dave Owens (dowens@iquest.net)
Date: 03/05/03

    To: firewall-wizards@honor.icsalabs.com
    From: Dave Owens <dowens@iquest.net>
    Date: Wed, 05 Mar 2003 13:55:36 -0500

    Hi All,

        I have a working VPN from a Sidewinder (my end) to a PIX. By "working"
    I mean that ip-proto-50 traffic is being passed, so there seems to be a
    good SA. However, the telnet session I'm attempting through the VPN never
    has worked. There's some NAT going on at the other end, so there are some
    possible problem areas.

        The packets coming back to the Sidewinder never make it to the client
    application. To debug this thing, I'd like to be able to see the
    unencrypted packets as they're returned. On the Sidewinder I can select
    "none" for the IPSec Crypto Algorithm, but the folks on the PIX end of the
    VPN don't seem to think that option is available. My own research led me
    to some PIX commands that consisted of 'crypto ipsec' and 'null', which was
    changed on both ends of the VPN, but that didn't make the packets
    readable. The Sidewinder folks tell me that the encryption must be set to

        Does anyone know how to set encryption to 'none' on a PIX, or have any
    other suggestions for figuring this thing out?



    firewall-wizards mailing list
