RE: Cisco Workaround

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 08/04/03

    To: "'Douglas Gullett'" <dougg03@comcast.net>, "'Adam Overlin'" <adam.overlin@content-mgmt.com>, <security-basics@securityfocus.com>
    Date: Mon, 4 Aug 2003 09:16:29 -0700
    
    

      ESP is protocol 50 and AH is 51. Neither opening 52 nor
    leaving 50 closed is likely to help.

    David Gillett

    > -----Original Message-----
    > From: Douglas Gullett [mailto:dougg03@comcast.net]
    > Sent: August 2, 2003 08:49
    > To: Adam Overlin; security-basics@securityfocus.com
    > Subject: RE: Cisco Workaround
    >
    >
    > Adam,
    >
    > If the "cheat" *** you are referring to is the Cisco Security Alert, I am
    > guessing that you put in their access-list. For IPSEC you need to have
    > Protocol Port 51 (ESP) and Protocol Port 52 (AH) open, as well as UDP Port
    > 500 (isakmp).
    >
    > Doug
    >
    > -----Original Message-----
    > From: Adam Overlin [mailto:adam.overlin@content-mgmt.com]
    > Sent: Thursday, July 31, 2003 12:59 PM
    > To: security-basics@securityfocus.com
    > Subject: RE: Cisco Workaround
    >
    >
    > I just joined this list so I haven't seen the whole thread on this issue,
    > thus my company's particular issue may have been discussed already, but I
    > thought I would see if I could get some help anyway.
    >
    > Background:
    > We have a Cisco 827 router and a PIX 506e locally, the router being in
    > front of the PIX. We also have a co-location facility to which we are
    > connected via a constant VPN tunnel. There we have a PIX 515e. The two
    > PIXes are what control the VPN/encryption.
    >
    > Issue:
    > The PIXes don't run IOS so we didn't have to worry about upgrading those.
    > However, the router does. So we upgraded the router to the latest version.
    > Everything worked OK, except the VPN tunnel. That got knocked out. Keep in
    > mind that I am no Cisco expert. I did the upgrade with the help of a
    > *cheat* *** that Cisco sent us. All I did was copy the information. I
    > didn't really understand what I was actually typing into the console (we
    > have another network consultant who is responsible for the "understanding"
    > part, although he didn't know why it wasn't working either). :)
    >
    > So after a little messing around we reverted to the old IOS and everything
    > was peachy. A couple of days later they sent us another version to upgrade
    > with and that did the same thing. Needless to say, we are still
    > upgradeless.
    >
    > If there are any suggestions out there, I would really appreciate it. If I
    > didn't give enough info, please let me know, and I will get you whatever
    > you need (within my power of course).
    >
    > Thanks in advance,
    > Adam
    >
    >
    >

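An added example, not written by any participant in the thread, that makes David's correction concrete. It is a small first-match access-list evaluator in Python with the implicit closing deny that every Cisco IOS access-list has, run over constructed packets for the three pieces of IPsec traffic between the two PIXes (ISAKMP on UDP/500, ESP as IP protocol 50, AH as IP protocol 51). One rule set permits the numbers as Doug stated them (51 and 52); the other permits the real protocol numbers. Both rule sets are constructed for illustration and are not the Cisco alert's actual access-list, which the page does not reproduce; the IOS lines in the comment use the standard extended-ACL keywords esp, ahp and isakmp.

```python
# Added example (not part of the original thread): a minimal extended-ACL
# evaluator showing why "permit 51 (ESP) and 52 (AH)" breaks the tunnel
# while "permit ESP (50), AH (51), UDP/500" lets it come up.
# Packets and rule sets below are constructed for illustration.
from dataclasses import dataclass
from typing import Optional

# IANA-assigned IP protocol numbers (see /etc/protocols on any Unix host)
PROTO_UDP = 17
PROTO_ESP = 50
PROTO_AH = 51
PORT_ISAKMP = 500


@dataclass(frozen=True)
class Packet:
    proto: int                   # IP protocol number
    dport: Optional[int] = None  # destination port, only meaningful for TCP/UDP


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: int                   # IP protocol number the rule matches
    dport: Optional[int] = None  # None means any port


def evaluate(acl, pkt):
    """First-match evaluation; an unmatched packet hits the implicit
    'deny ip any any' that closes every IOS access-list."""
    for rule in acl:
        if rule.proto != pkt.proto:
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        return rule.action
    return "deny"


# Constructed IPsec traffic between the two PIXes
IPSEC_TRAFFIC = {
    "isakmp": Packet(PROTO_UDP, PORT_ISAKMP),
    "esp": Packet(PROTO_ESP),
    "ah": Packet(PROTO_AH),
}

# The numbers as the first reply in the thread gave them: "51 (ESP), 52 (AH)"
ACL_WRONG = [
    Rule("permit", 51),
    Rule("permit", 52),
    Rule("permit", PROTO_UDP, PORT_ISAKMP),
]

# The real numbers; IOS equivalent of this list:
#   permit esp any any
#   permit ahp any any
#   permit udp any any eq isakmp
ACL_RIGHT = [
    Rule("permit", PROTO_ESP),
    Rule("permit", PROTO_AH),
    Rule("permit", PROTO_UDP, PORT_ISAKMP),
]


def check_tunnel(acl):
    """Return {component: verdict} for each piece of IPsec traffic."""
    return {name: evaluate(acl, pkt) for name, pkt in IPSEC_TRAFFIC.items()}


def tunnel_passes(acl):
    """The tunnel only works if ISAKMP, ESP and AH all get through."""
    return all(verdict == "permit" for verdict in check_tunnel(acl).values())


if __name__ == "__main__":
    for label, acl in (("wrong", ACL_WRONG), ("right", ACL_RIGHT)):
        state = "tunnel up" if tunnel_passes(acl) else "tunnel down"
        print(f"{label}: {check_tunnel(acl)} -> {state}")
```

With the first list, AH happens to be permitted (51 really is AH), ISAKMP negotiates, and only ESP is dropped, which matches the symptom in the thread: the tunnel negotiates but no traffic flows. Opening 52 adds nothing because no IPsec component uses it; the fix is to permit protocol 50.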

