Sidewinder 4.01 and GRE

Pat Bryan pbryan at acrux.net
Thu Sep 9 16:03:57 EDT 1999


Hi,

Just a couple of thoughts. The Sidewinder is capable of proxying UDP
traffic; it is also possible to allow UDP traffic through the Sidewinder
via an IP filter. And Tina, thanks: your documentation paid off, I am now
able to pass GRE through my firewall. Now, what do you know about
performance problems with PPTP? (I.e., simple telnet traffic is sporadic(?)
at best.)


:-)

Pat
-----Original Message-----
From: Muniz, Jose [mailto:Jose.Muniz at US.DataFellows.COM]
Sent: Wednesday, September 08, 1999 11:13 PM
To: Tina Bird; Pat Bryan
Cc: vpn at listserv.secnetgroup.com
Subject: RE: Sidewinder 4.01 and GRE


Hello Tina:

I am having kind of the same problem with a VPN IPsec connection that is
trying to go through the firewall, using Port 50 UDP for the ESP traffic
and Port 500 UDP for IKE. Apparently the datagrams are not flowing
through, and I do not know why. You see, this is not my firewall, and
the firewall people claim it is open.

Is it that the Sidewinder is a proxy firewall and is not capable of
proxying the UDP datagrams? I do not think so; however, your thoughts
will be greatly appreciated.

Yours, Jose.

> -----Original Message-----
> From: Tina Bird [mailto:tbird at secnetgroup.com]
> Sent: Saturday, September 04, 1999 10:10 AM
> To: Pat Bryan
> Cc: vpn at listserv.secnetgroup.com
> Subject: Re: Sidewinder 4.01 and GRE
>
>
> Hi Pat --
>
> Did you configure the Sidewinder packet filters to allow
> the GRE traffic?  That involves a combination of COBRA
> work and command line editing.  The specific instructions
> are available at
>
> http://kubarb.phsx.ukans.edu/~tbird/vpn.html
> (click on How-To).  I actually wrote the Sidewinder PPTP
> doc myself, so feel free to ask if this doesn't work.
>
> One caveat -- information from the packet filters doesn't
> make it into /var/log/audit.asc, so debugging can be a little
> awkward...
>
> hope this helps -- Tina
>
> On Sat, 4 Sep 1999, Pat Bryan wrote:
>
> > Date: Sat, 4 Sep 1999 08:16:07 -0500
> > From: Pat Bryan <pbryan at acrux.net>
> > To: vpn at listserv.secnetgroup.com
> > Subject: Sidewinder 4.01 and GRE
> >
> > Howdy,
> >
> > I am attempting to configure PPTP through my SC Sidewinder. I have allowed
> > specific class "C" addresses designated by my ISP, into the external side of
> > the firewall. I have opened port 1723 and get the initial connection, but
> > GRE seems unable to pass.. I.E., when I do a tcpdump on the external side of
> > the firewall.. I get something like this..
> >
> >
> > #.#.#.51 > #.#.#.10    IP-PROTO-47    GRE
> > #.#.#.51 > #.#.#.10    IP-PROTO-47    GRE
> > #.#.#.51 > #.#.#.10    IP-PROTO-47    GRE
> > #.#.#.51 > #.#.#.10    IP-PROTO-47    GRE
> > #.#.#.51 > #.#.#.10    IP-PROTO-47    GRE
> >
> > (51 is the dialup node, 10 is the firewall).. And then I am disconnected...
> > Any ideas would be greatly appreciated..
> >
> > Thanks,
> > Pat
> >
> > ****************************************************************
> > TO POST A MESSAGE on this list, send it to
> vpn at listserv.secnetgroup.com
> >
> > The VPN FAQ (under construction) is available at
> > http://kubarb.phsx.ukans.edu/~tbird/FAQ.html
> >
> > We are currently experiencing "unsubscribe" difficulties.  If you
> > wish to unsubscribe, please send a message containing the
> single line
> > "unsubscribe vpn your-e-mail-address" to
> owner-vpn at listserv.secnetgroup.com
> >
> > ****************************************************************
> >
>
>
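
The symptom in this thread (the port 1723 connection comes up, then the IP-PROTO-47 packets go nowhere) can be reproduced with a small filter model. This is an added example, not part of the original messages and not Sidewinder configuration; the 192.0.2.x addresses, the rule format and all function names are constructed for illustration.

```python
import struct

# IANA IP protocol numbers; GRE and ESP are protocols of their own, not ports.
PROTO_NAMES = {6: "tcp", 17: "udp", 47: "gre", 50: "esp"}

def ipv4_packet(proto, src, dst, sport=None, dport=None):
    """Build a minimal IPv4 packet (constructed sample, checksum left at 0)."""
    # TCP/UDP start with source and destination port; other payloads are filler.
    payload = struct.pack("!HH", sport, dport) if dport is not None else b"\x00" * 4
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    return header + payload

def classify(packet):
    """Return (protocol name, destination port or None) from raw IPv4 bytes."""
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]                     # IP protocol field
    name = PROTO_NAMES.get(proto, str(proto))
    if proto in (6, 17):                  # only TCP and UDP carry port numbers
        return name, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return name, None

def permitted(packet, rules):
    """Allow-list check: anything not listed as (protocol, port) is denied."""
    return classify(packet) in rules

def pptp_session_passes(rules):
    """Return (control channel allowed, GRE data channel allowed)."""
    control = ipv4_packet(6, "192.0.2.51", "192.0.2.10", 1025, 1723)
    data = ipv4_packet(47, "192.0.2.51", "192.0.2.10")
    return permitted(control, rules), permitted(data, rules)

if __name__ == "__main__":
    print(pptp_session_passes({("tcp", 1723)}))                 # port rule only
    print(pptp_session_passes({("tcp", 1723), ("gre", None)}))  # plus protocol 47
```

A rule keyed on a TCP or UDP port number can never match the GRE packets, because their IP header carries protocol 47 and there is no port field to compare.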