routing table on the client

Eric Henriksen eric_h at Earthlink.Net
Fri Sep 3 13:58:08 EDT 1999


Looks like 204.172.252.13  is the Virtual IP address of the client.  It also
appears that the 198.123.141.58 is being forwarded to this address, and
would be routed down the tunnel.  If you do not need to secure this
connection, simply take this address out of the 'protected networks' access
list for the tunnel.  However, given that it is not over the tunnel, it
would be routed out what appears to be you public ip address of 194.7.250.58
and would be exposed to the public network and possibly unable to reach it's
destination if ti's deastination is in the secure peer network (with the
204.172.252 network.

BTW, not having the route of '0.0.0.0 mask 0.0.0.0 gateway 204.17.252.13'
leaves you exposed to attack from the public network, and even worse allows
the attacker to hijack the tunnel to the corporate network.

Eric
----- Original Message -----
From: <guy.raymakers at europe.eds.com>
To: <vpn at listserv.secnetgroup.com>
Sent: Wednesday, September 01, 1999 3:53 AM
Subject: routing table on the client


>
>
>
> Hi all,
>
> When connecting the Nortel IPsec client to the CES over the Internet, we
have
> noticed that the management IP address of the CES is added in the routing
table
> of the client when the IPsec connection is established. Is there a way to
get
> the IP address out of the routing table ?
>
> Here's an example output :
>
> Active Routes:
>
>   Network Address          Netmask  Gateway Address        Interface
Metric
>           0.0.0.0          0.0.0.0     194.7.250.57     194.7.250.58
1
>         127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1
1
>      194.7.187.90  255.255.255.255     194.7.250.57     194.7.250.58
1
>      194.7.250.56  255.255.255.252     194.7.250.58     194.7.250.58
1
>      194.7.250.58  255.255.255.255        127.0.0.1        127.0.0.1
1
>     194.7.250.255  255.255.255.255     194.7.250.58     194.7.250.58
1
>    198.123.141.58  255.255.255.255   204.172.252.13   204.172.252.13
1
>     204.172.252.0    255.255.255.0   204.172.252.13   204.172.252.13
1
>     204.172.252.8  255.255.255.248   204.172.252.13   204.172.252.13
1
>    204.172.252.13  255.255.255.255        127.0.0.1        127.0.0.1
1
>         224.0.0.0        224.0.0.0     194.7.250.58     194.7.250.58
1
>   255.255.255.255  255.255.255.255     194.7.250.58     194.7.250.58
1
>
> 198.123.141.58 = the management IP address.
>
> Thanks,
> Guy
>
>
> ****************************************************************
> TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
>
> The VPN FAQ (under construction) is available at
> http://kubarb.phsx.ukans.edu/~tbird/FAQ.html
>
> We are currently experiencing "unsubscribe" difficulties.  If you
> wish to unsubscribe, please send a message containing the single line
> "unsubscribe vpn your-e-mail-address" to
owner-vpn at listserv.secnetgroup.com
>
> ****************************************************************
>

****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com

The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/FAQ.html

We are currently experiencing "unsubscribe" difficulties.  If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com

****************************************************************




More information about the VPN mailing list