RE: "IPSec over TCP" server a CISCO IOS based router! Is it

From: Ratko Perlic (ratko.perlic@storm.hr)
Date: Wed Jun 30 2004 - 09:07:39 GMT-3


As far as I know NAT-T over TCP is supported only on VPN concentrators.
PIX and IOS can work only on UDP 4500 (which is in the RFC draft).

Ratko Perlic
Information & Communication Networks
STORM Computers d.o.o.

-----Original Message-----
From: Tony Schaffran [mailto:groupstudy@cconlinelabs.com]
Sent: 20 June 2004 16:34
To: 'Mathew'; ccielab@groupstudy.com
Subject: RE: "IPSec over TCP" server a CISCO IOS based router! Is it
possible?

Oh yes. I do remember doing that with the concentrator.

I do not know if that can be done with IOS. Sorry.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
 
www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Mathew
Sent: Sunday, June 20, 2004 7:04 AM
To: groupstudy@cconlinelabs.com; ccielab@groupstudy.com
Subject: Re: "IPSec over TCP" server a CISCO IOS based router! Is it
possible?

Hi Tony,

Thanks.

I know this but it is possible between CISCO VPN Client & Cisco VPN 3000
Concentrator.

See this link -
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2284/products_configuration_example09186a00800946bc.shtml.

I am trying to do that with IOS & the CISCO VPN Client.

I wonder whether this can be done and whether anybody has done this.

Please let me know if it is possible.

Mathew

Tony Schaffran wrote:

> You need UDP 500 and protocols 50 and 51 for IPSEC to get through a
> firewall. I do not believe that is configurable.
>
> Tony Schaffran
> Network Analyst
> CCIE #11071
> CCNP, CCNA, CCDA,
> NNCDS, NNCSS, CNE, MCSE
>
> www.cconlinelabs.com
> Your #1 choice for online Cisco rack rentals.
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Mathew
> Sent: Sunday, June 20, 2004 6:43 AM
> To: Danny Andaluz
> Cc: Tony Schaffran; ccielab@groupstudy.com
> Subject: Re: "IPSec over TCP" server a CISCO IOS based router! Is it
> possible?
>
> Hi Danny/All,
>
> Thank you for the reply.
>
> Yes, it is Easy VPN server on IOS. The question is how to get the
> IPSec end-to-end via a TCP port.
>
> The reason is that I need to access my home LAN from office but office
> Firewall has got only TCP port 80 & 443 opened (I do not control the
> Firewall).
>
> Do you know whether the IOS can be configured to act as an IPSec
> server and to operate over a TCP port?
>
> Thanks for the reply.
>
> Mathew
>
>
> Danny Andaluz wrote:
>
>
>>This might be what you're looking for. I skimmed through it and it
>>looked like it might be it.
>>
>>http://www.cisco.com/en/US/products/sw/secursw/ps5299/
>>
>>Danny
>>
>>On Fri, 18 Jun 2004 16:30:06 -0700, Tony Schaffran
>><groupstudy@cconlinelabs.com> wrote:
>>
>>
>>>If you can configure a VPN endpoint on a cisco router and you can
>>>configure the client to match, then it should work.
>>>
>>>I have configured numerous VPN endpoints to be connected with
>>>numerous VPN clients, but I do not recall specifically a CISCO
>>>router and a CISCO VPN client.
>>>
>>>I would think it would work. Have you tried it?
>>>
>>>Tony Schaffran
>>>Network Analyst
>>>CCIE #11071
>>>CCNP, CCNA, CCDA,
>>>NNCDS, NNCSS, CNE, MCSE
>>>
>>>www.cconlinelabs.com
>>>Your #1 choice for online Cisco rack rentals.
>>>
>>>-----Original Message-----
>>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>>>Of Mathew
>>>Sent: Friday, June 18, 2004 7:47 AM
>>>To: ccielab@groupstudy.com
>>>Subject: "IPSec over TCP" server a CISCO IOS based router! Is it
>>>possible?
>>>
>>>Hi
>>>
>>>Can I know whether we can setup an "IPSec over TCP" between a CISCO
>>>IOS based router and a CISCO VPN Client supporting "IPSec over TCP".?
>>>
>>>The link below shows that it is possible between the Cisco VPN 3000
>>>Concentrator with VPN Client.
>>>
>>>http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2284/products_configuration_example09186a00800946bc.shtml
>>>
>>>If it is possible to configure the CISCO IOS, please let me know the
>>>configuration details.
>>>
>>>Thanks
>>>
>>>Mathew
>>>
>>>_______________________________________________________________________
>>>Please help support GroupStudy by purchasing your study materials
>>>from:
>>>http://shop.groupstudy.com
>>>
>>>Subscription information may be found at:
>>>http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:53 GMT-3