Cisco Secure and personal firewalls...

David Gillett dgillett at NIKU.COM
Sat Aug 5 15:07:26 EDT 2000


  You haven't identified what kind of personal firewall this is, or even
whether it is hardware or software.  But there are two kinds of issues that
you might need to be aware of:

1.  A firewall blocks traffic that it hasn't been authorized to pass.  Has
this one been authorized to pass the protocols the VPN uses?

2.  Some of the encryptions used by some VPN products (others here can quote
details...) incorporate the IP addresses of the endpoints.  If the firewall
does any kind of NAT/PAT/proxying, the server and the client may disagree
about what the client's IP address "really" is -- and encryptions which
depend upon this will fail.  Ability of VPNs to operate through NAT is still
relatively new; if it's available in your case, it might not be the default
configuration.

David Gillett
Enterprise Networking Services Manager, Niku Corp.
(650) 701-2702
"Transforming the Service Economy"



-----Original Message-----
From: VPN Mailing List [mailto:VPN at SECURITYFOCUS.COM] On Behalf Of Jason Zann
Sent: Friday, August 04, 2000 3:11 PM
To: VPN at SECURITYFOCUS.COM
Subject: Cisco Secure and personal firewalls...


I have a situation where I have a Cisco Secure VPN client sitting on a
machine behind a personal firewall. (I believe the personal firewall in this
situation to be mutually exclusive because I have tested a few and I am
getting ready to test a few more... and all of them are getting the same
results). When the client is outside of the personal firewall, there are no
negative issues to speak of; however, when brought to the internal network,
it will not connect to the server (through the firewall(s)).

My question stems from the fact of why will it not work. I was under the
impression that the Cisco Secure client piece worked at the application
level and all it was doing was forming the tunnel back to the server so that
data could be passed. I can only assume that there is some kind of traffic
that is sent back to the client that the firewall will not pass, and that in
turn causes the connection not to work; however, Cisco denies this.

If there is someone or someplace that can give me an explanation of how
Cisco Secure forms its VPN (from a logical perspective interacting with
other devices, like firewalls), possible reasons it will not work behind
personal firewalls, and what can be done to remedy the situation, that would be
great.

VPN is sponsored by SecurityFocus.COM
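
The failure mode in point 2 of the reply, as an added example that is not part of the original thread and not Cisco's code: a simplified model in which the integrity check covers the endpoint addresses (IPsec AH is one protocol that does this) and a NAT device rewrites the client's source address in transit. The key, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"  # constructed shared secret, illustration only


def icv(src, dst, payload, bind_addresses):
    """Integrity check value over the payload, optionally also the addresses."""
    data = payload
    if bind_addresses:
        data = (ipaddress.ip_address(src).packed
                + ipaddress.ip_address(dst).packed
                + payload)
    return hmac.new(KEY, data, hashlib.sha256).digest()


def client_send(src, dst, payload, bind_addresses):
    """Client computes the ICV using the address it believes it has."""
    return {"src": src, "dst": dst, "payload": payload,
            "icv": icv(src, dst, payload, bind_addresses)}


def nat_rewrite(packet, public_ip):
    """What NAT/PAT does: swap the source address, leave the rest untouched."""
    return {**packet, "src": public_ip}


def server_verify(packet, bind_addresses):
    """Server recomputes the ICV from the addresses it sees on the wire."""
    expected = icv(packet["src"], packet["dst"], packet["payload"],
                   bind_addresses)
    return hmac.compare_digest(expected, packet["icv"])


def run(bind_addresses, through_nat):
    # Constructed sample: private client address, documentation-range peers.
    pkt = client_send("192.168.1.10", "203.0.113.5", b"tunnel data",
                      bind_addresses)
    if through_nat:
        pkt = nat_rewrite(pkt, "198.51.100.7")
    return server_verify(pkt, bind_addresses)


if __name__ == "__main__":
    for bind in (True, False):
        for nat in (False, True):
            print(f"addresses in ICV={bind!s:5} NAT={nat!s:5} "
                  f"-> verified={run(bind, nat)}")
```

Only the combination of an address-bound check and a NAT in the path fails verification, which matches a client that connects when outside the firewall and fails behind it.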