
Re: [FW-1] Testing IPSec



Nico,

Did you try sniffing traffic on either end to confirm your suspicion?
Seeing them out of one box and not seeing them arrive at the other would be
sufficient proof of your theory, I'd say.

You could use some kind of packet forger to "build" ESP packets that would
travel from one end to the other (I've found a few at
http://www.tlsecurity.org/unix/Assesement/PacketForging/)... but as for
knowing *where* exactly they are dropped on their way... that sounds hard
(assuming "their way" is through the Internet).

Just my thoughts. Don't know if they'll help you.

J.


From: Nico De Ranter <[email protected]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: [FW-1] Testing IPSec
Date: Tue, 26 Mar 2002 17:14:00 +0100

Howdy,

I'm trying to set up a VPN between a VPN-1 NG.FP1 and a Netscreen.
I tried it locally (with only a Cisco in between) and everything worked.
However after installing the Netscreen at the remote site I can't
get the VPN up again.  Now if I remember correctly IPSec/IKE uses
udp port 500 and ip protocol 50.  My guess is that protocol 50 gets
blocked somewhere but I can't prove it. Is there some way to do
traceroute using protocol 50 to see how far it goes? Does that
make sense at all? Anybody any experience with it?

Thanks in advance,

Nico

---------------------------------------------------------
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
               the computer industry."
---------------------------------------------------------
Nico De Ranter
Sony Service Center (SDCE/VPE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: [email protected]

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================







 
----------------------------------
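The check suggested in the reply (capture at both gateways, then compare what left with what arrived) can be scripted as below. This is an added example, not part of either message: the function names, the documentation-range addresses and the SPI value are constructed, and loading raw IPv4 packets from real capture files is left out.

```python
import struct

ESP, UDP = 50, 17  # IP protocol numbers

def classify(pkt: bytes):
    """Return ('esp', spi, seq), ('ike', sport, dport) or None for a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(pkt) < ihl + 8:
        return None
    proto = pkt[9]
    if proto == ESP:                        # ESP starts with SPI + sequence number
        spi, seq = struct.unpack_from("!II", pkt, ihl)
        return ("esp", spi, seq)
    if proto == UDP:
        sport, dport = struct.unpack_from("!HH", pkt, ihl)
        if 500 in (sport, dport):           # IKE negotiation traffic
            return ("ike", sport, dport)
    return None

def compare(sent, received):
    """Summarise what left one gateway versus what arrived at the other."""
    def split(pkts):
        kinds = [c for c in map(classify, pkts) if c]
        esp = {(c[1], c[2]) for c in kinds if c[0] == "esp"}
        return esp, sum(1 for c in kinds if c[0] == "ike")
    esp_out, ike_out = split(sent)
    esp_in, ike_in = split(received)
    return {
        "ike_sent": ike_out, "ike_received": ike_in,
        "esp_sent": len(esp_out), "esp_received": len(esp_in),
        "esp_missing": sorted(esp_out - esp_in),
        # IKE gets through but no ESP does: protocol 50 is filtered on the path
        "esp_dropped_in_transit": bool(esp_out) and not esp_in and ike_in > 0,
    }

def ipv4(proto, payload, src=b"\xc0\x00\x02\x01", dst=b"\xc6\x33\x64\x01"):
    """Build a minimal IPv4 packet (checksum left at 0; constructed test data)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, src, dst)
    return hdr + payload

# Constructed sample captures: one IKE packet and three ESP packets leave,
# only the IKE packet arrives.
ike = ipv4(UDP, struct.pack("!HHHH", 500, 500, 8 + 28, 0) + bytes(28))
esp = [ipv4(ESP, struct.pack("!II", 0x1000ABCD, n) + bytes(16)) for n in (1, 2, 3)]
sender_capture = [ike] + esp
receiver_capture = [ike]

if __name__ == "__main__":
    print(compare(sender_capture, receiver_capture))
```

Matching on SPI and sequence number rather than on addresses keeps the comparison valid when the two captures see different source addresses.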

   All contents © 2004 Network Presence, LLC. All rights reserved.