RE: "IPSec over TCP" server a CISCO IOS based router! Is it

From: Ian Stong (istong@stong.org)
Date: Sun Jun 20 2004 - 13:03:42 GMT-3

Ah yes - that sounds familiar. I believe it is also an issue even with
the PIX and not just router IOS software. I've heard version 7.x of the
PIX is planned to include support for NAT T over TCP.

Ian
http://www.ccie4u.com
Rack Rentals and Lab Scenarios starting at only $20

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Mark Lewis
Sent: Sunday, June 20, 2004 11:56 AM
To: mathew@oztralia.com; ccielab@groupstudy.com
Subject: Re: "IPSec over TCP" server a CISCO IOS based router! Is it
possible?

As far as I'm aware Cisco doesn't yet support NAT traversal (or NAT
transparency as they call it) with TCP encap in IOS.

IOS currently supports regular NAT traversal with UDP encap (on port
4500):

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_
feature_guide09186a0080110bca.html

But I hope that they add support for TCP encap in IOS soon :)

Mark

CCIE#6280 / CCSI#21051 / etc.

Author: www.ciscopress.com/1587051044

>From: Mathew <mathew@oztralia.com>
>Reply-To: Mathew <mathew@oztralia.com>
>To: istong@stong.org, ccielab@groupstudy.com
>Subject: Re: "IPSec over TCP" server a CISCO IOS based router! Is it
>possible?
>Date: Mon, 21 Jun 2004 01:12:10 +1000
>
>Hi Ian,
>
>Thanks for the reply.
>IOS ver is 12.3(9)- (image - c2600-ik9o3s3-mz.123-9.bin)
>
>I could not fine any commands for my requirement.
>
>Mathew
>
>istong@stong.org wrote:
>
>>Hi Mathew,
>>
>>Which IOS version are you running. Please be sure it is at
>>least 12.2.13T Enterprise as I believe what you are trying
>>to do may work with a new T tran IOS (NAT Traversal support,
>>etc).
>>
>>Just something to consider,
>>
>>Ian
>>http://www.ccie4u.com
>>Rack Rentals and Lab Scenarios starting at only $20
>>
>>
>>
>>
>>>Hi Danny/All,
>>>
>>>Thank you for the reply.
>>>
>>>Yes, it is Easy VPN server on IOS. The question is how to
>>>get the IPSec end-to-end via a TCP port.
>>>
>>>The reason is that I need to access my home LAN from
>>>office but office Firewall has got only TCP port 80 & 443
>>>opened (I do not control the Firewall).
>>>
>>>Do you know whether the IOS can be configured to act as an
>>>IPSec server and to operate over a TCP port?
>>>
>>>Thanks for the reply.
>>>
>>>Mathew
>>>
>>>
>>>Danny Andaluz wrote:
>>>
>>>
>>>>This might be what you're looking for. I skimmed
>>>>through it and it looked like it might be it.
>>>>
>>>>http://www.cisco.com/en/US/products/sw/secursw/ps5299/
>>>>
>>>>Danny
>>>>
>>>>On Fri, 18 Jun 2004 16:30:06 -0700, Tony Schaffran
>>>><groupstudy@cconlinelabs.com> wrote:
>>>>
>>>>
>>>>>If you can configure a VPN endpoint on a cisco router
>>>
>>>and you can configure >>the client to match, then it
>>>should work. >>
>>>
>>>>>I have configured numerous VPN endpoints to be connected
>>>
>>>with numerous VPN >>clients, but I do not recall
>>>specifically a CISCO router and a CISCO VPN >>client.
>>>
>>>>>I would think it would work. Have you tried it?
>>>>>
>>>>>Tony Schaffran
>>>>>Network Analyst
>>>>>CCIE #11071
>>>>>CCNP, CCNA, CCDA,
>>>>>NNCDS, NNCSS, CNE, MCSE
>>>>>
>>>>>www.cconlinelabs.com
>>>>>Your #1 choice for online Cisco rack rentals.
>>>>>
>>>>>-----Original Message-----
>>>>>From: nobody@groupstudy.com
>>>
>>>[mailto:nobody@groupstudy.com] On Behalf Of >>Mathew
>>>
>>>>>Sent: Friday, June 18, 2004 7:47 AM
>>>>>To: ccielab@groupstudy.com
>>>>>Subject: "IPSec over TCP" server a CISCO IOS based
>>>
>>>router! Is it possible? >>
>>>
>>>>>Hi
>>>>>
>>>>>Can I know whether we can setup an "IPSec over TCP"
>>>
>>>between a CISCO IOS >>based router and a CISCO VPN Client
>>>supporting "IPSec over TCP".? >>
>>>
>>>>>The link below shows that it is possible between the
>>>
>>>Cisco VPN 3000 >>Concentrator with VPN Client.
>>>
>>>>>http://www.cisco.com/en/US/partner/products/hw/vpndevc/p
>>>
>>>s2284/products_confi
>>>
>>>>>guration_example09186a00800946bc.shtml >>
>>>>>If it is possible to configure the CISCO IOS, please let
>>>
>>>me know the >>configuration details.
>>>
>>>>>Thanks
>>>>>
>>>>>Mathew
>>>>>
>>>>>________________________________________________________
>>>
>>>_______________ >>Please help support GroupStudy by
>>>purchasing your study materials from:
>>>
>>>>>http://shop.groupstudy.com >>
>>>>>Subscription information may be found at:
>>>>>http://www.groupstudy.com/list/CCIELab.html
>>>>>
>>>>>________________________________________________________
>>>
>>>_______________ >>Please help support GroupStudy by
>>>purchasing your study materials from:
>>>
>>>>>http://shop.groupstudy.com >>
>>>>>Subscription information may be found at:
>>>>>http://www.groupstudy.com/list/CCIELab.html
>>>
>>>__________________________________________________________
>>>_____________ Please help support GroupStudy by purchasing
>>>your study materials from: http://shop.groupstudy.com
>>>
>>>Subscription information may be found at:
>>>http://www.groupstudy.com/list/CCIELab.html
>>
>>______________________________________________
>>
>>Check Your Email From Any Where in the World!
>>
>>http://www.myemail.com
>>
>>Tell Your Friends about MyEmail.com!
>>______________________________________________
>
>_______________________________________________________________________
>Please help support GroupStudy by purchasing your study materials from:
>http://shop.groupstudy.com
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:45 GMT-3