Re: "IPSec over TCP" server a CISCO IOS based router! Is it

From: Mark Lewis (markl11@hotmail.com)
Date: Sun Jun 20 2004 - 12:56:14 GMT-3

• Next message: Ian Stong: "RE: "IPSec over TCP" server a CISCO IOS based router! Is it"
• Previous message: Sharma, Mohit: "Ospf network types"
• Maybe in reply to: Mathew: ""IPSec over TCP" server a CISCO IOS based router! Is it"
• Next in thread: Ian Stong: "RE: "IPSec over TCP" server a CISCO IOS based router! Is it"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

As far as I'm aware Cisco doesn't yet support NAT traversal (or NAT
transparency as they call it) with TCP encap in IOS.

IOS currently supports regular NAT traversal with UDP encap (on port 4500):

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110bca.html

But I hope that they add support for TCP encap in IOS soon :)

Mark

CCIE#6280 / CCSI#21051 / etc.

Author: www.ciscopress.com/1587051044

>From: Mathew <mathew@oztralia.com>
>Reply-To: Mathew <mathew@oztralia.com>
>To: istong@stong.org, ccielab@groupstudy.com
>Subject: Re: "IPSec over TCP" server a CISCO IOS based router! Is it
>possible?
>Date: Mon, 21 Jun 2004 01:12:10 +1000
>
>Hi Ian,
>
>Thanks for the reply.
>IOS ver is 12.3(9)- (image - c2600-ik9o3s3-mz.123-9.bin)
>
>I could not fine any commands for my requirement.
>
>Mathew
>
>istong@stong.org wrote:
>
>>Hi Mathew,
>>
>>Which IOS version are you running. Please be sure it is at
>>least 12.2.13T Enterprise as I believe what you are trying
>>to do may work with a new T tran IOS (NAT Traversal support,
>>etc).
>>
>>Just something to consider,
>>
>>Ian
>>http://www.ccie4u.com
>>Rack Rentals and Lab Scenarios starting at only $20
>>
>>
>>
>>
>>>Hi Danny/All,
>>>
>>>Thank you for the reply.
>>>
>>>Yes, it is Easy VPN server on IOS. The question is how to
>>>get the IPSec end-to-end via a TCP port.
>>>
>>>The reason is that I need to access my home LAN from
>>>office but office Firewall has got only TCP port 80 & 443
>>>opened (I do not control the Firewall).
>>>
>>>Do you know whether the IOS can be configured to act as an
>>>IPSec server and to operate over a TCP port?
>>>
>>>Thanks for the reply.
>>>
>>>Mathew
>>>
>>>
>>>Danny Andaluz wrote:
>>>
>>>
>>>>This might be what you're looking for. I skimmed
>>>>through it and it looked like it might be it.
>>>>
>>>>http://www.cisco.com/en/US/products/sw/secursw/ps5299/
>>>>
>>>>Danny
>>>>
>>>>On Fri, 18 Jun 2004 16:30:06 -0700, Tony Schaffran
>>>><groupstudy@cconlinelabs.com> wrote:
>>>>
>>>>
>>>>>If you can configure a VPN endpoint on a cisco router
>>>
>>>and you can configure >>the client to match, then it
>>>should work. >>
>>>
>>>>>I have configured numerous VPN endpoints to be connected
>>>
>>>with numerous VPN >>clients, but I do not recall
>>>specifically a CISCO router and a CISCO VPN >>client.
>>>
>>>>>I would think it would work. Have you tried it?
>>>>>
>>>>>Tony Schaffran
>>>>>Network Analyst
>>>>>CCIE #11071
>>>>>CCNP, CCNA, CCDA,
>>>>>NNCDS, NNCSS, CNE, MCSE
>>>>>
>>>>>www.cconlinelabs.com
>>>>>Your #1 choice for online Cisco rack rentals.
>>>>>
>>>>>-----Original Message-----
>>>>>From: nobody@groupstudy.com
>>>
>>>[mailto:nobody@groupstudy.com] On Behalf Of >>Mathew
>>>
>>>>>Sent: Friday, June 18, 2004 7:47 AM
>>>>>To: ccielab@groupstudy.com
>>>>>Subject: "IPSec over TCP" server a CISCO IOS based
>>>
>>>router! Is it possible? >>
>>>
>>>>>Hi
>>>>>
>>>>>Can I know whether we can setup an "IPSec over TCP"
>>>
>>>between a CISCO IOS >>based router and a CISCO VPN Client
>>>supporting "IPSec over TCP".? >>
>>>
>>>>>The link below shows that it is possible between the
>>>
>>>Cisco VPN 3000 >>Concentrator with VPN Client.
>>>
>>>>>http://www.cisco.com/en/US/partner/products/hw/vpndevc/p
>>>
>>>s2284/products_confi
>>>
>>>>>guration_example09186a00800946bc.shtml >>
>>>>>If it is possible to configure the CISCO IOS, please let
>>>
>>>me know the >>configuration details.
>>>
>>>>>Thanks
>>>>>
>>>>>Mathew
>>>>>
>>>>>________________________________________________________
>>>
>>>_______________ >>Please help support GroupStudy by
>>>purchasing your study materials from:
>>>
>>>>>http://shop.groupstudy.com >>
>>>>>Subscription information may be found at:
>>>>>http://www.groupstudy.com/list/CCIELab.html
>>>>>
>>>>>________________________________________________________
>>>
>>>_______________ >>Please help support GroupStudy by
>>>purchasing your study materials from:
>>>
>>>>>http://shop.groupstudy.com >>
>>>>>Subscription information may be found at:
>>>>>http://www.groupstudy.com/list/CCIELab.html
>>>
>>>__________________________________________________________
>>>_____________ Please help support GroupStudy by purchasing
>>>your study materials from: http://shop.groupstudy.com
>>>
>>>Subscription information may be found at:
>>>http://www.groupstudy.com/list/CCIELab.html
>>
>>______________________________________________
>>
>>Check Your Email From Any Where in the World!
>>
>>http://www.myemail.com
>>
>>Tell Your Friends about MyEmail.com!
>>______________________________________________
>
>_______________________________________________________________________
>Please help support GroupStudy by purchasing your study materials from:
>http://shop.groupstudy.com
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

• Next message: Ian Stong: "RE: "IPSec over TCP" server a CISCO IOS based router! Is it"
• Previous message: Sharma, Mohit: "Ospf network types"
• Maybe in reply to: Mathew: ""IPSec over TCP" server a CISCO IOS based router! Is it"
• Next in thread: Ian Stong: "RE: "IPSec over TCP" server a CISCO IOS based router! Is it"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:45 GMT-3