Re: Interesting VPN Access Issue

From: Mohammad Saeed (mzsaeed@gmail.com)
Date: Thu Sep 20 2007 - 11:13:05 ART


Let me clarify the situation a little bit.

I am in my office and have no idea what type of FW/Router is used in
my office. So, I connect my laptop to the office network and get a unique IP,
open up Cisco VPN Client, establish the tunnel to a PIX FW somewhere
on the internet on its external interface which has a public IP,
tunnel is established and my VPN Adapter gets an IP from the 10.0.0.0 network
as configured on the PIX FW of our client. Now the tunnel is stable but I can
not reach any device on the 10.0.0.0 network.

Now I just took my laptop home, connected to my home internet
connection, where I have a LinkSys Wireless router connecting to a cable
modem. Now my laptop got the 192.168.1.100 IP from the wireless router.
Now I can browse the internet. I establish the VPN tunnel exactly the same
way as I establish it in the office without any change, tunnel is established
and stable. My VPN Adapter received an IP from the same 10.0.0.0 network. I
can ping/telnet to almost any device on the 10.0.0.0 network.

Now my suspicion is that as IPSec uses just three packets in AGGRESSIVE
Mode for key exchange and probably after that the tunnel is established,
maybe there is some IDS in our office network which does not detect
that something suspicious is going on for the first few packets and the
tunnel is established, and then it sees some unusual behaviour and
blocks that connection???

Secondly, my thoughts go to the two phases that IPSec uses; can anyone
tell what destination port numbers are used in both phases? Maybe in the
office the FW is blocking the second TCP session that is used to
transfer data after the tunnel has been established????

Any thoughts????

Regards,

Mohammad Zahed Saeed

On 9/19/07, Joseph Brunner <joe@affirmedsystems.com> wrote:
> Yes, the pix does not do same interface routing. So inside the network it
> won't route on your behalf, as it does from the outside interface towards the
> inside interface from home.
>
> You can fix with pix 7 / asa code.
>
> -joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Mohammad Saeed
> Sent: Wednesday, September 19, 2007 9:40 PM
> To: Cisco certification
> Subject: Interesting VPN Access Issue
>
> Hello Every body,
>
> I have Cisco VPN Client installed on my laptop (Windows XP). Now if I
> use this VPN Client from my home Internet connection to establish a VPN
> Tunnel to the destination, which is a PIX firewall, from home, it gets
> connected, and I can reach/ping/telnet any device on the remote side
> network.
>
> But when I take my system to my office, hook my laptop to the office
> network, VPN Client gets authenticated and the tunnel is established, VPN
> Adapter gets the same IP that it gets when I establish the tunnel from
> home, but I can't ping/telnet to any devices on the remote network
> that I used to ping/telnet when I am connecting from my home network.
> If I say ping, it just times out, traceroute doesn't even show first
> hop which shall be the other end of the tunnel and telnet times out.
>
> What can be the reason????
>
> If routing on remote end or firewall on the laptop would be issue,
> then how VPN Tunnel is established on the first step?
>
> I will appreciate if any one can hint....
>
> Regards,
>
>
> Mohammad Zahed Saeed
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
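Added illustration (not part of this thread or of any Cisco tool) for the port question above: both IKE phases run over UDP/500, the data plane is ESP (IP protocol 50) or, when a NAT is detected, IKE and ESP wrapped in UDP/4500 (NAT-T). The checker below tallies permit/deny per component over constructed firewall-log lines in an assumed generic "action proto src -> dst" format and names the "tunnel up but nothing reachable" pattern: IKE permitted while ESP/NAT-T is dropped.

```python
import re
from collections import Counter

# Constructed sample log lines; the layout is assumed, not any vendor's real format.
SAMPLE_LOG = """\
2007-09-20 10:58:01 permit udp 10.20.30.40:500 -> 203.0.113.10:500
2007-09-20 10:58:01 permit udp 203.0.113.10:500 -> 10.20.30.40:500
2007-09-20 10:58:02 permit udp 10.20.30.40:500 -> 203.0.113.10:500
2007-09-20 10:58:03 deny esp 10.20.30.40 -> 203.0.113.10
2007-09-20 10:58:04 deny udp 10.20.30.40:4500 -> 203.0.113.10:4500
2007-09-20 10:58:05 permit tcp 10.20.30.40:51234 -> 203.0.113.10:80
"""

LINE_RE = re.compile(
    r"^\S+ \S+ (?P<action>permit|deny) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

def classify(proto, dport):
    """Map one flow to the IPsec component it carries, or None if unrelated."""
    if proto == "udp" and dport == 500:
        return "ike"    # ISAKMP: phase 1 (main/aggressive) and phase 2 (quick mode)
    if proto == "udp" and dport == 4500:
        return "nat-t"  # IKE + ESP encapsulated in UDP once a NAT is detected
    if proto in ("esp", "50"):
        return "esp"    # raw ESP data plane, IP protocol 50, no port numbers
    return None

def tally(log_text):
    """Count permit/deny decisions per IPsec component across the log."""
    counts = {c: Counter() for c in ("ike", "nat-t", "esp")}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        dport = int(m["dport"]) if m["dport"] else None
        comp = classify(m["proto"].lower(), dport)
        if comp:
            counts[comp][m["action"]] += 1
    return counts

def diagnose(counts):
    """Name the failure pattern implied by the tallies."""
    ike_ok = counts["ike"]["permit"] > 0
    data_ok = counts["esp"]["permit"] > 0 or counts["nat-t"]["permit"] > 0
    data_denied = counts["esp"]["deny"] > 0 or counts["nat-t"]["deny"] > 0
    if ike_ok and not data_ok and data_denied:
        return "ike-ok-data-blocked"  # negotiation succeeds, encrypted traffic dropped
    if not ike_ok:
        return "no-ike-seen"          # tunnel would never come up at all
    return "ok"
```

Run against the sample, `diagnose(tally(SAMPLE_LOG))` returns `ike-ok-data-blocked`, the same symptom the thread describes from the office network.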



This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:14 ART