RE: Cisco Workaround
From: Adam Overlin (adam.overlin_at_content-mgmt.com)
Date: 08/04/03
- Previous message: Michael Patrick: "Re: Egreping for Addressed"
- In reply to: Douglas Gullett: "RE: Cisco Workaround"
- Next in thread: David Gillett: "RE: Cisco Workaround"
To: "Douglas Gullett" <dougg03@comcast.net>, <security-basics@securityfocus.com>
Date: Mon, 4 Aug 2003 09:14:26 -0700
Actually the "cheat" sheet was just instructions for installing the new IOS.
We do have an access list set up, but we didn't make any changes to it. And
after we upgraded, we checked the list and it stayed the same. But our VPN
was still knocked out.
Thanks,
Adam
-----Original Message-----
From: Douglas Gullett [mailto:dougg03@comcast.net]
Sent: Saturday, August 02, 2003 8:49 AM
To: Adam Overlin; security-basics@securityfocus.com
Subject: RE: Cisco Workaround
Adam,
If the "cheat" sheet you are referring to is the Cisco Security Alert, I am
guessing that you put in their access-list. For IPSEC you need to have
Protocol Port 51 (ESP) and Protocol Port 52 (AH) open, as well as UDP Port
500 (isakmp).
Doug
-----Original Message-----
From: Adam Overlin [mailto:adam.overlin@content-mgmt.com]
Sent: Thursday, July 31, 2003 12:59 PM
To: security-basics@securityfocus.com
Subject: RE: Cisco Workaround
I just joined this list so I haven't seen the whole thread on this issue,
thus my company's particular issue may have been discussed already, but I
thought I would see if I could get some help anyway.
Background:
We have a Cisco 827 router and a PIX 506e locally, the router being in front
of the PIX. We also have a co-location facility that we are connected to via
a constant VPN tunnel. There we have a PIX 515e. The two PIXes are what
control the VPN/encryption.
Issue:
The PIXes don't run IOS so we didn't have to worry about upgrading those.
However, the router does. So we upgraded the router to the latest version.
Everything worked OK, except the VPN tunnel. That got knocked out. Keep
in mind that I am no Cisco expert. I did the upgrade with the help of a
*cheat* sheet that Cisco sent us. All I did was copy the information. I
didn't really understand what I was actually typing into the console (we
have another network consultant that is responsible for the "understanding"
part, although he didn't know why it wasn't working either). :)
So after a little messing around we reverted back to the old IOS and
everything was peachy. A couple days later they sent us another version to
upgrade with and that did the same thing. Needless to say, we are still
upgradeless.
If there are any suggestions out there, I would really appreciate it. If I
didn't give enough info, please let me know, and I will get you whatever you
need (within my power of course).
Thanks in advance,
Adam
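
The access-list check suggested in the thread can be done mechanically. The following is an added example, not code or configuration from any of the posters: it evaluates a Cisco-style extended ACL top-down for the three IPsec flows, using the IANA protocol numbers 50 for ESP and 51 for AH, and UDP port 500 for ISAKMP. The sample ACL is constructed, and the parser is simplified on purpose: it ignores addresses and wildcard masks and treats only a trailing `eq` as the destination port.

```python
import re

# IANA IP protocol numbers: ESP = 50, AH = 51; ISAKMP (IKE) uses UDP port 500.
PROTO = {"esp": 50, "ahp": 51, "udp": 17, "tcp": 6, "icmp": 1}
PORTS = {"isakmp": 500}
IPSEC_FLOWS = {"ESP": (50, None), "AH": (51, None), "ISAKMP": (17, 500)}

# Constructed sample ACL, not taken from the thread (documentation addresses).
SAMPLE_ACL = """\
access-list 101 permit udp host 192.0.2.10 host 198.51.100.20 eq isakmp
access-list 101 permit esp host 192.0.2.10 host 198.51.100.20
access-list 101 permit tcp any any established
access-list 101 deny ip any any
"""

def parse_entry(line):
    """Return (action, protocol number or None for 'ip', dst port or None)."""
    m = re.match(r"\s*access-list\s+\d+\s+(permit|deny)\s+(\S+)(.*)$", line)
    if not m:
        return None
    action, proto, rest = m.groups()
    if proto == "ip":
        proto_num = None                      # 'ip' matches every protocol
    elif proto.isdigit():
        proto_num = int(proto)
    else:
        proto_num = PROTO.get(proto, -1)      # unknown keyword matches nothing
    port = None
    pm = re.search(r"\beq\s+(\S+)\s*$", rest)  # trailing 'eq' = destination port
    if pm:
        tok = pm.group(1)
        port = PORTS.get(tok, int(tok) if tok.isdigit() else -1)
    return action, proto_num, port

def verdict(acl_text, proto, port):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        action, e_proto, e_port = entry
        if e_proto in (None, proto) and e_port in (None, port):
            return action
    return "deny"

def ipsec_report(acl_text):
    """Map each IPsec flow to 'permit' or 'deny' under the given ACL."""
    return {n: verdict(acl_text, p, dp) for n, (p, dp) in IPSEC_FLOWS.items()}

if __name__ == "__main__":
    print(ipsec_report(SAMPLE_ACL))
```

On the constructed ACL, ESP and ISAKMP are permitted while AH falls through to the final deny; comparing this report for the ACL before and after a change shows whether the list itself is what blocks the tunnel.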