Cisco Secure and personal firewalls...

Patrick Ethier patrick at SECUREOPS.COM
Mon Aug 7 10:04:01 EDT 2000


Hi Jason,

I don't know the answer to your question but perhaps I can help you figure
it out. The first thing I would do in this case is look on my personal
firewall logs to see if anything is being blocked. That would probably be
the best place to start. Look for traffic being blocked on UDP 500 in
particular. The next thing to do would be to run a TCPDUMP sniffing your
traffic from outside the firewall and then compare that to the traffic from
inside the firewall.


Good luck,

________________
Patrick Ethier
Product Development
SecureOps Inc.
patrick at secureops.com
(514) 982-0678 x 106
(514) 982-0362 - fax


-----Original Message-----
From: Jason Zann [mailto:jason.zann at MARYVILLE.COM]
Sent: Friday, August 04, 2000 6:11 PM
To: VPN at SECURITYFOCUS.COM
Subject: Cisco Secure and personal firewalls...


I have a situation where I have a Cisco Secure VPN client sitting on a
machine behind a personal firewall. (I believe the personal firewall in this
situation to be mutually exclusive because I have tested a few and I am
getting ready to test a few more... and all of them are getting the same
results). When the client is outside of the personal firewall, there are no
negative issues to speak of; however, when brought to the internal network,
it will not connect to the server (through the firewall(s)).

My question stems from the fact of why will it not work. I was under the
impression that the Cisco Secure client piece worked at the application
level and all it was doing was forming the tunnel back to the server so that
data could be passed. I can only assume that there is some kind of traffic
that is sent back to the client that the firewall will not pass, and that in
turn causes the connection not to work; however, Cisco denies this.

If there is someone or someplace that can give me an explanation of how
Cisco Secure forms its VPN (from a logical perspective interacting with
other devices, like firewalls), possible reasons it will not work behind
personal firewalls, and what can be done to remedy the situation would be
great.

VPN is sponsored by SecurityFocus.COM
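
The inside/outside capture comparison suggested in the reply above, as an added example that is not part of the original thread: it counts UDP 500 packets per direction in two `tcpdump -n` text captures and reports the directions whose counts differ. It assumes no address translation between the two capture points; the addresses and capture lines are constructed.

```python
import re
from collections import Counter

# One line of `tcpdump -n` text output for IPv4, with or without the "IP" token:
#   <time> [IP] <src>.<sport> > <dst>.<dport>: <summary>
LINE = re.compile(r"^\S+ (?:IP )?(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): ")
IKE_PORT = 500  # UDP 500, the port named in the reply above

def ike_flows(lines):
    """Count packets per (src, dst) direction where either port is 500."""
    flows = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if m and IKE_PORT in (int(m.group(2)), int(m.group(4))):
            flows[(m.group(1), m.group(3))] += 1
    return flows

def compare(inside_lines, outside_lines):
    """Return {(src, dst): (inside_count, outside_count)} where the counts differ."""
    inside, outside = ike_flows(inside_lines), ike_flows(outside_lines)
    return {d: (inside[d], outside[d])
            for d in sorted(set(inside) | set(outside))
            if inside[d] != outside[d]}

# Constructed sample: capture taken on the client side of the firewall.
INSIDE = """\
10:04:00.900000 IP 192.0.2.10.1035 > 192.0.2.53.53: 1+ A? vpn.example.com. (33)
10:04:01.100000 IP 192.0.2.10.500 > 198.51.100.1.500: isakmp: phase 1 I ident
10:04:06.100000 IP 192.0.2.10.500 > 198.51.100.1.500: isakmp: phase 1 I ident
10:04:16.100000 IP 192.0.2.10.500 > 198.51.100.1.500: isakmp: phase 1 I ident
""".splitlines()

# Constructed sample: capture taken on the network side of the firewall.
OUTSIDE = """\
10:04:01.100200 IP 192.0.2.10.500 > 198.51.100.1.500: isakmp: phase 1 I ident
10:04:01.180000 IP 198.51.100.1.500 > 192.0.2.10.500: isakmp: phase 1 R ident
10:04:06.100200 IP 192.0.2.10.500 > 198.51.100.1.500: isakmp: phase 1 I ident
10:04:06.181000 IP 198.51.100.1.500 > 192.0.2.10.500: isakmp: phase 1 R ident
10:04:16.100200 IP 192.0.2.10.500 > 198.51.100.1.500: isakmp: phase 1 I ident
10:04:16.182000 IP 198.51.100.1.500 > 192.0.2.10.500: isakmp: phase 1 R ident
""".splitlines()

if __name__ == "__main__":
    for (src, dst), (n_in, n_out) in compare(INSIDE, OUTSIDE).items():
        print(f"{src} -> {dst} on UDP {IKE_PORT}: inside={n_in} outside={n_out}")
```

A direction present in one capture and absent from the other is the one to look up in the personal firewall's block log.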
