Re: "IPSec over TCP" server a CISCO IOS based router! Is it

From: Mark Lewis (markl11@hotmail.com)
Date: Sun Jun 20 2004 - 13:35:07 GMT-3


Cisco, of course, already have TCP encap running on Cisco VPN clients and
VPN 3000 concentrators - and lots of people are using it. So, Cisco at least
think it's a good idea :)

I'm not sure how they addressed this issue, but I guess they've
already found a way around it, or found it not to be a practical concern.
But it's an interesting point.

See:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800946bc.shtml

Mark

CCIE#6280 / CCSI#21051 / etc.

Author: www.ciscopress.com/1587051044

>From: Dan Shechter <danshtr@yahoo.com>
>To: Mark Lewis <markl11@hotmail.com>, mathew@oztralia.com,
>ccielab@groupstudy.com
>Subject: Re: "IPSec over TCP" server a CISCO IOS based router! Is it
>possible?
>Date: Sun, 20 Jun 2004 09:20:01 -0700 (PDT)
>
>A good read about why a TCP tunnel is a bad idea
>
>http://sites.inka.de/sites/bigred/devel/tcp-tcp.html
>
>BTW, I changed my email from dans@danbsd.a.la to danshtr@yahoo.com
>
>--- Mark Lewis <markl11@hotmail.com> wrote:
> > As far as I'm aware Cisco doesn't yet support NAT traversal (or NAT
> > transparency as they call it) with TCP encap in IOS.
> >
> > IOS currently supports regular NAT traversal with UDP encap (on
> > port 4500):
> >
> > http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110bca.html
> >
> >
> > But I hope that they add support for TCP encap in IOS soon :)
> >
> > Mark
> >
> > CCIE#6280 / CCSI#21051 / etc.
> >
> > Author: www.ciscopress.com/1587051044
> >
> >
> >
> >
> > >From: Mathew <mathew@oztralia.com>
> > >Reply-To: Mathew <mathew@oztralia.com>
> > >To: istong@stong.org, ccielab@groupstudy.com
> > >Subject: Re: "IPSec over TCP" server a CISCO IOS based router! Is it
> > >possible?
> > >Date: Mon, 21 Jun 2004 01:12:10 +1000
> > >
> > >Hi Ian,
> > >
> > >Thanks for the reply.
> > >IOS ver is 12.3(9)- (image - c2600-ik9o3s3-mz.123-9.bin)
> > >
> > >I could not find any commands for my requirement.
> > >
> > >Mathew
> > >
> > >istong@stong.org wrote:
> > >
> > >>Hi Mathew,
> > >>
> > >>Which IOS version are you running? Please be sure it is at
> > >>least 12.2.13T Enterprise as I believe what you are trying
> > >>to do may work with a new T train IOS (NAT Traversal support,
> > >>etc).
> > >>
> > >>Just something to consider,
> > >>
> > >>Ian
> > >>http://www.ccie4u.com
> > >>Rack Rentals and Lab Scenarios starting at only $20
> > >>
> > >>
> > >>
> > >>
> > >>>Hi Danny/All,
> > >>>
> > >>>Thank you for the reply.
> > >>>
> > >>>Yes, it is Easy VPN server on IOS. The question is how to
> > >>>get the IPSec end-to-end via a TCP port.
> > >>>
> > >>>The reason is that I need to access my home LAN from
> > >>>office but office Firewall has got only TCP port 80 & 443
> > >>>opened (I do not control the Firewall).
> > >>>
> > >>>Do you know whether the IOS can be configured to act as an
> > >>>IPSec server and to operate over a TCP port?
> > >>>
> > >>>Thanks for the reply.
> > >>>
> > >>>Mathew
> > >>>
> > >>>
> > >>>Danny Andaluz wrote:
> > >>>
> > >>>
> > >>>>This might be what you're looking for. I skimmed
> > >>>>through it and it looked like it might be it.
> > >>>>
> > >>>>http://www.cisco.com/en/US/products/sw/secursw/ps5299/
> > >>>>
> > >>>>Danny
> > >>>>
> > >>>>On Fri, 18 Jun 2004 16:30:06 -0700, Tony Schaffran
> > >>>><groupstudy@cconlinelabs.com> wrote:
> > >>>>
> > >>>>
> > >>>>>If you can configure a VPN endpoint on a cisco router and you
> > >>>>>can configure the client to match, then it should work.
> > >>>>>
> > >>>>>I have configured numerous VPN endpoints to be connected with
> > >>>>>numerous VPN clients, but I do not recall specifically a CISCO
> > >>>>>router and a CISCO VPN client.
> > >>>>>
> > >>>>>I would think it would work. Have you tried it?
> > >>>>>
> > >>>>>Tony Schaffran
> > >>>>>Network Analyst
> > >>>>>CCIE #11071
> > >>>>>CCNP, CCNA, CCDA,
> > >>>>>NNCDS, NNCSS, CNE, MCSE
> > >>>>>
> > >>>>>www.cconlinelabs.com
> > >>>>>Your #1 choice for online Cisco rack rentals.
> > >>>>>
> > >>>>>-----Original Message-----
> > >>>>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > >>>>>Behalf Of Mathew
> > >>>>>Sent: Friday, June 18, 2004 7:47 AM
> > >>>>>To: ccielab@groupstudy.com
> > >>>>>Subject: "IPSec over TCP" server a CISCO IOS based router! Is it
> > >>>>>possible?
> > >>>>>
> > >>>>>Hi
> > >>>>>
> > >>>>>Can I know whether we can set up an "IPSec over TCP" between a
> > >>>>>CISCO IOS based router and a CISCO VPN Client supporting "IPSec
> > >>>>>over TCP"?
> > >>>>>
> > >>>>>The link below shows that it is possible between the Cisco VPN
> > >>>>>3000 Concentrator with VPN Client.
> > >>>>>
> > >>>>>http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2284/products_configuration_example09186a00800946bc.shtml
> > >>>>>
> > >>>>>If it is possible to configure the CISCO IOS, please let me know
> > >>>>>the configuration details.
> > >>>>>Thanks
> > >>>>>
> > >>>>>Mathew
> > >>>>>
> > >>>>>_______________________________________________________________________
> > >>>>>Please help support GroupStudy by purchasing your study materials from:
> > >>>>>http://shop.groupstudy.com
> > >>>>>
> > >>>>>Subscription information may be found at:
> > >>>>>http://www.groupstudy.com/list/CCIELab.html
> > >>>>>
> > >>
> >
>
>
>=====
>Best Regards,
>Dan



This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:45 GMT-3