Re: "IPSec over TCP" server a CISCO IOS based router! Is it

From: Dan Shechter (danshtr@yahoo.com)
Date: Sun Jun 20 2004 - 13:20:01 GMT-3

A good read about why TCP tunnel is bad idea

http://sites.inka.de/sites/bigred/devel/tcp-tcp.html

BTW, I changed my email from dans@danbsd.a.la to danshtr@yahoo.com

--- Mark Lewis <markl11@hotmail.com> wrote:
> As far as I'm aware Cisco doesn't yet support NAT traversal (or NAT
>
> transparency as they call it) with TCP encap in IOS.
>
> IOS currently supports regular NAT traversal with UDP encap (on
> port 4500):
>
>
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110bca.html
>
>
> But I hope that they add support for TCP encap in IOS soon :)
>
> Mark
>
> CCIE#6280 / CCSI#21051 / etc.
>
> Author: www.ciscopress.com/1587051044
>
>
>
>
> >From: Mathew <mathew@oztralia.com>
> >Reply-To: Mathew <mathew@oztralia.com>
> >To: istong@stong.org, ccielab@groupstudy.com
> >Subject: Re: "IPSec over TCP" server a CISCO IOS based router! Is
> it
> >possible?
> >Date: Mon, 21 Jun 2004 01:12:10 +1000
> >
> >Hi Ian,
> >
> >Thanks for the reply.
> >IOS ver is 12.3(9)- (image - c2600-ik9o3s3-mz.123-9.bin)
> >
> >I could not fine any commands for my requirement.
> >
> >Mathew
> >
> >istong@stong.org wrote:
> >
> >>Hi Mathew,
> >>
> >>Which IOS version are you running. Please be sure it is at
> >>least 12.2.13T Enterprise as I believe what you are trying
> >>to do may work with a new T tran IOS (NAT Traversal support,
> >>etc).
> >>
> >>Just something to consider,
> >>
> >>Ian
> >>http://www.ccie4u.com
> >>Rack Rentals and Lab Scenarios starting at only $20
> >>
> >>
> >>
> >>
> >>>Hi Danny/All,
> >>>
> >>>Thank you for the reply.
> >>>
> >>>Yes, it is Easy VPN server on IOS. The question is how to
> >>>get the IPSec end-to-end via a TCP port.
> >>>
> >>>The reason is that I need to access my home LAN from
> >>>office but office Firewall has got only TCP port 80 & 443
> >>>opened (I do not control the Firewall).
> >>>
> >>>Do you know whether the IOS can be configured to act as an
> >>>IPSec server and to operate over a TCP port?
> >>>
> >>>Thanks for the reply.
> >>>
> >>>Mathew
> >>>
> >>>
> >>>Danny Andaluz wrote:
> >>>
> >>>
> >>>>This might be what you're looking for. I skimmed
> >>>>through it and it looked like it might be it.
> >>>>
> >>>>http://www.cisco.com/en/US/products/sw/secursw/ps5299/
> >>>>
> >>>>Danny
> >>>>
> >>>>On Fri, 18 Jun 2004 16:30:06 -0700, Tony Schaffran
> >>>><groupstudy@cconlinelabs.com> wrote:
> >>>>
> >>>>
> >>>>>If you can configure a VPN endpoint on a cisco router
> >>>
> >>>and you can configure >>the client to match, then it
> >>>should work. >>
> >>>
> >>>>>I have configured numerous VPN endpoints to be connected
> >>>
> >>>with numerous VPN >>clients, but I do not recall
> >>>specifically a CISCO router and a CISCO VPN >>client.
> >>>
> >>>>>I would think it would work. Have you tried it?
> >>>>>
> >>>>>Tony Schaffran
> >>>>>Network Analyst
> >>>>>CCIE #11071
> >>>>>CCNP, CCNA, CCDA,
> >>>>>NNCDS, NNCSS, CNE, MCSE
> >>>>>
> >>>>>www.cconlinelabs.com
> >>>>>Your #1 choice for online Cisco rack rentals.
> >>>>>
> >>>>>-----Original Message-----
> >>>>>From: nobody@groupstudy.com
> >>>
> >>>[mailto:nobody@groupstudy.com] On Behalf Of >>Mathew
> >>>
> >>>>>Sent: Friday, June 18, 2004 7:47 AM
> >>>>>To: ccielab@groupstudy.com
> >>>>>Subject: "IPSec over TCP" server a CISCO IOS based
> >>>
> >>>router! Is it possible? >>
> >>>
> >>>>>Hi
> >>>>>
> >>>>>Can I know whether we can setup an "IPSec over TCP"
> >>>
> >>>between a CISCO IOS >>based router and a CISCO VPN Client
> >>>supporting "IPSec over TCP".? >>
> >>>
> >>>>>The link below shows that it is possible between the
> >>>
> >>>Cisco VPN 3000 >>Concentrator with VPN Client.
> >>>
> >>>>>http://www.cisco.com/en/US/partner/products/hw/vpndevc/p
> >>>
> >>>s2284/products_confi
> >>>
> >>>>>guration_example09186a00800946bc.shtml >>
> >>>>>If it is possible to configure the CISCO IOS, please let
> >>>
> >>>me know the >>configuration details.
> >>>
> >>>>>Thanks
> >>>>>
> >>>>>Mathew
> >>>>>
> >>>>>________________________________________________________
> >>>
> >>>_______________ >>Please help support GroupStudy by
> >>>purchasing your study materials from:
> >>>
> >>>>>http://shop.groupstudy.com >>
> >>>>>Subscription information may be found at:
> >>>>>http://www.groupstudy.com/list/CCIELab.html
> >>>>>
> >>>>>________________________________________________________
> >>>
> >>>_______________ >>Please help support GroupStudy by
> >>>purchasing your study materials from:
> >>>
> >>>>>http://shop.groupstudy.com >>
> >>>>>Subscription information may be found at:
> >>>>>http://www.groupstudy.com/list/CCIELab.html
> >>>
> >>>__________________________________________________________
> >>>_____________ Please help support GroupStudy by purchasing
> >>>your study materials from: http://shop.groupstudy.com
> >>>
> >>>Subscription information may be found at:
> >>>http://www.groupstudy.com/list/CCIELab.html
> >>
> >>______________________________________________
> >>
> >>Check Your Email From Any Where in the World!
> >>
> >>http://www.myemail.com
> >>
> >>Tell Your Friends about MyEmail.com!
> >>______________________________________________
> >
>
>_______________________________________________________________________
> >Please help support GroupStudy by purchasing your study materials
> from:
> >http://shop.groupstudy.com
> >
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
> _________________________________________________________________
> Express yourself with cool new emoticons
> http://www.msn.co.uk/specials/myemo
>
>

This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:45 GMT-3