[fw-wiz] Ezy vpn



Hi folks

Could somebody help with the config to set up a vrf aware IPSEC Ezy Vpn
on a 6509 switch

I am desperate for this config, guys


Kind Regards,
Darlington Moyo



Darlington Moyo
Senior Network Engineer
Business Connexion Communications


Office: +27 (0)11 256 0513
Mobile: +27 (0)84 500 9500
Fax: +27 (0)11 256 0504
Email: darlington.moyo@xxxxxxxxx
Web Site: www.bcx.co.za



-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of
Behm, Jeffrey L.
Sent: 20 October 2006 19:57
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Forcing All Web traffice thew a remote proxy.

This client is also split among multiple locations. The catch is that
all web surfing comes back to the main office (ok, one of three main hub
offices) and exits the network there through the proxy server (one proxy
server in each of the three "main" locations). The remote sites utilize
site to site IPSec VPN to connect back to the main office. The upside to
that is that web surfing is centrally managed (via content filtering on
the proxy server) and logged (web usage reporting). The downside is that
websurfing traffic all converges into the main office, so the loss ends
up being the ability to distribute web surfing traffic across all those
Internet connections (i.e. the loss is a bunch of distributed
bandwidth).

Jeff

-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of
Craig Van Tassle
Sent: Thursday, October 19, 2006 3:08 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Forcing All Web traffice thew a remote proxy.


That is the plan we are going to move to eventually, but for now it's
manually set through the group policy.

Let me give you a little bit more of a layout.


site1-<>vpn<>internet<>main office
site2-<>vpn<>internet<>-^
site3-<>vpn<>internet<>-^

As you can see, we don't have a single Internet Firewall, if it was all
in one location then yea that would be easy to do, but we are split up
across multiple locations.

Behm, Jeffrey L. wrote:
For one client of ours, we blocked all outbound port 80 traffic at the
Internet firewall (with some exceptions, as usual!), and then use an
"automatic configuration script" that is on the HTTP proxy. When the
browser fires up on the end-user PC, it first contacts the proxy server
to retrieve the .pac file (auto config script), and based on where it is
headed and/or where it came from, it is directed to one of three HTTP
proxy servers. Using the auto config script allows us to centrally
manage where PCs go for web surfing (via changes to the .pac file). It's
the block of direct port 80 access at the Internet firewall that
"forces" the PCs to comply with use of the script. I guess they could
do manual entry of the proxy settings, but most end users don't quite
get how to do that. Additionally, use of Active Directory group policy
"resets" the proxy settings on a regular basis to "force" use of the .pac
file.

Here's a Microsoft Technet article on Automatic Proxy.

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/ierk/Ch21_b.mspx?mfr=true

It talks about using Automatic Configuration and Automatic Proxy. We are
using the latter only. The proxy you are directed to does not *have* to
be a Microsoft proxy. We have some traffic head to a squid proxy on a
Solaris machine (long story).

Hope this helps,
Jeff

-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of
Craig Van Tassle
Sent: Tuesday, October 17, 2006 10:36 AM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Forcing All Web traffice thew a remote proxy.

I have several sites and I would like to force all traffic through a remote
proxy at one site. I was thinking of setting up some form of NAT rules for
pushing everything through our proxy.

How would something like that be implemented? Or what are other thoughts?

Thanks,
Craig

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
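
A sketch of the kind of .pac file described in the thread, as an added example that is not part of the original messages or anyone's production script: clients are steered to one of three hub proxies by source subnet, with the other hubs as failover and no direct fallback. The proxy hostnames, site subnets and intranet suffix are constructed placeholders.

```javascript
// Constructed placeholders: proxy hostnames, site subnets and intranet suffix.
var HUBS = ["PROXY proxy-hub1.example.internal:8080",
            "PROXY proxy-hub2.example.internal:8080",
            "PROXY proxy-hub3.example.internal:8080"];
var SITES = [{ cidr: "10.1.0.0/16", hub: 0 },
             { cidr: "10.2.0.0/16", hub: 1 },
             { cidr: "10.3.0.0/16", hub: 2 }];
var INTERNAL_SUFFIX = ".corp.example";

// Dotted quad -> unsigned 32-bit number, or null if not a valid IPv4 literal.
function ipToInt(ip) {
  var parts = String(ip).split("."), n = 0, i;
  if (parts.length !== 4) return null;
  for (i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i]) || Number(parts[i]) > 255) return null;
    n = n * 256 + Number(parts[i]);
  }
  return n;
}

function inCidr(ip, cidr) {
  var pieces = cidr.split("/"), addr = ipToInt(ip), net = ipToInt(pieces[0]);
  if (addr === null || net === null) return false;
  var size = Math.pow(2, 32 - Number(pieces[1]));
  return Math.floor(addr / size) === Math.floor(net / size);
}

// Pure decision logic, kept separate so it can be tested outside a browser.
function chooseProxy(host, clientIp) {
  var h = String(host).toLowerCase(), first = 0, order = [], i;
  var suffixAt = h.length - INTERNAL_SUFFIX.length;
  // Intranet names are reached over the site-to-site VPN, not the proxy.
  if (h.indexOf(".") === -1 ||
      (suffixAt >= 0 && h.indexOf(INTERNAL_SUFFIX, suffixAt) === suffixAt)) {
    return "DIRECT";
  }
  for (i = 0; i < SITES.length; i++) {
    if (inCidr(clientIp, SITES[i].cidr)) { first = SITES[i].hub; break; }
  }
  // Preferred hub first, the other hubs as failover. No trailing "DIRECT":
  // the firewall blocks direct port 80, and filtering/logging must not be skipped.
  for (i = 0; i < HUBS.length; i++) order.push(HUBS[(first + i) % HUBS.length]);
  return order.join("; ");
}

// Entry point the browser calls; myIpAddress() is a PAC built-in.
function FindProxyForURL(url, host) {
  return chooseProxy(host, myIpAddress());
}
```

A client whose address matches none of the listed subnets (myIpAddress() can return a loopback address on some hosts) falls through to the first hub rather than going direct.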


