[fw-wiz] PIX VPN -- setting encryption to 'none' for debugging

From: Dave Owens (dowens@iquest.net)
Date: 03/05/03

    To: firewall-wizards@honor.icsalabs.com
    From: Dave Owens <dowens@iquest.net>
    Date: Wed, 05 Mar 2003 13:55:36 -0500
    

    Hi All,

        I have a working VPN from a Sidewinder (my end) to a PIX. By "working"
    I mean that ip-proto-50 traffic is being passed, so there seems to be a
    good SA. However, the telnet session I'm attempting through the VPN never
    has worked. There's some NAT going on at the other end, so there are some
    possible problem areas.

        The packets coming back to the Sidewinder never make it to the client
    application. To debug this thing, I'd like to be able to see the
    unencrypted packets as they're returned. On the Sidewinder I can select
    "none" for the IPSec Crypto Algorithm, but the folks on the PIX end of the
    VPN don't seem to think that option is available. My own research led me
    to some PIX commands that consisted of 'crypto ipsec' and 'null', which was
    changed on both ends of the VPN, but that didn't make the packets
    readable. The Sidewinder folks tell me that the encryption must be set to
    'none'.

        Does anyone know how to set encryption to 'none' on a PIX, or have any
    other suggestions for figuring this thing out?

    Thanks,

    Dave
    dowens@iquest.net


