RE: Nortel Contivity VPN and Firewalls

From: DeGennaro, Gregory (Gregory_DeGennaro_at_csaa.com)
Date: 08/14/03

    To: Leonard.Ong@nokia.com, Henry.Won@jda.com, security-basics@securityfocus.com
    Date: Thu, 14 Aug 2003 10:45:47 -0700
    
    

    You need IP protocol 51 too.

    Rock on SAS!!! ... ;-)

    Regards,

    Greg DeGennaro Jr., CCNP
    Security Analyst

    -----Original Message-----
    From: Leonard.Ong@nokia.com [mailto:Leonard.Ong@nokia.com]
    Sent: Wednesday, August 13, 2003 8:26 PM
    To: Henry.Won@jda.com; security-basics@securityfocus.com
    Subject: RE: Nortel Contivity VPN and Firewalls

    Hello All,

    Thanks for your inputs on allowing Nortel VPN. Basically the simplified
    version would be:

    Host in Extranet -> Firewall -> Internet -> Nortel VPN Gateway

    Now, we need to have the correct ports open on the firewall. From the inputs
    I've received so far:
    a. UDP 500
    b. IP Protocol 50
    c. TCP 57

    Did I miss something?

    Regards,
    Leonard

    > -----Original Message-----
    > From: ext Henry Won [mailto:Henry.Won@jda.com]
    > Sent: Thursday, August 14, 2003 12:13 AM
    > To: Ong Leonard (NBI/Singapore); security-basics@securityfocus.com
    > Subject: RE: Nortel Contivity VPN and Firewalls
    >
    >
    > Assuming your clients are trying to connect to a Contivity box outside
    > the firewall, you probably need to map global IP to local IP for whoever
    > is trying to connect, as well as allowing inbound ESP.
    >
    > Henry
    >
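
The ports and protocols listed in this thread (UDP 500, IP protocol 50, TCP 57, plus IP protocol 51), written out as a rule set for the host-to-gateway path. This is an added example, not part of any poster's message: it assumes the firewall is Linux netfilter, the addresses are constructed documentation values, and `contivity_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Linux netfilter firewall.

# contivity_rules HOST GATEWAY
# Prints an iptables-restore ruleset for the FORWARD path between one
# extranet host and the VPN gateway, default-deny for everything else.
contivity_rules() {
    host=$1
    gw=$2
    [ -n "$host" ] && [ -n "$gw" ] || {
        echo "usage: contivity_rules HOST GATEWAY" >&2
        return 2
    }
    echo '*filter'
    echo ':FORWARD DROP [0:0]'
    # Return traffic for connections the host opened (the TCP session).
    echo "-A FORWARD -s $gw -d $host -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # UDP 500 carries the IKE key exchange; the gateway may also initiate
    # a rekey, so the inbound direction is allowed explicitly.
    echo "-A FORWARD -s $host -d $gw -p udp --dport 500 -j ACCEPT"
    echo "-A FORWARD -s $gw -d $host -p udp --sport 500 -j ACCEPT"
    # IP protocols 50 (ESP) and 51 (AH) are not TCP or UDP and have no
    # ports, so each needs its own rule in both directions.
    for proto in 50 51; do
        echo "-A FORWARD -s $host -d $gw -p $proto -j ACCEPT"
        echo "-A FORWARD -s $gw -d $host -p $proto -j ACCEPT"
    done
    # TCP 57, as listed in the thread.
    echo "-A FORWARD -s $host -d $gw -p tcp --dport 57 -j ACCEPT"
    echo 'COMMIT'
}

# Constructed sample addresses (RFC 5737 documentation ranges).
contivity_rules 192.0.2.10 203.0.113.1
```

The output can be reviewed and then loaded with `iptables-restore`; pinning every rule to the one host and the one gateway keeps the opening from becoming a general allowance for these protocols.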
