Ascend Pipeline 85 - Passing an "esp" packet

From: Paul (paul_lau1@ameritech.net)
Date: 10/04/02


From: "Paul" <paul_lau1@ameritech.net>
Date: Fri, 04 Oct 2002 03:46:24 GMT

Does anyone know if there is a way to pass an inbound "esp" packet through
an Ascend Pipeline 85 firewall, when the firewall is on the external
interface? I'm trying to set up a VPN from a desktop (on a network
connected to the Local side of the Ascend firewall) to a remote location. I
want the tunnel between the desktop and the remote location, not between the
pipeline and the remote location. I want the pipeline to appear
transparent in the connection. The pipeline will handily pass an IKE key
exchange, and an outbound "esp" packet, but no matter what I try, it seems
as if it's hard-coded to take an inbound "esp" packet and either reject it
or look for an SPI to establish a tunnel. The manual says that if the IPsec
rule is not enabled, inbound "esp" packets will be automatically rejected;
but if the IPsec rule is enabled, then the firewall rejects the packet
because it fails to match the pipeline's SPI number (which is non-existent
since the pipeline didn't generate the keys). Is there a way to turn this
off or fool the pipeline somehow to let the "esp" packet pass to the
desktop? I've searched the Secure Connect Manuals and this particular
situation is not addressed. Any help or comments would be appreciated.
Thanks!


