Re: Amazing behavior of VPN Concentrator

From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Thu Jul 03 2008 - 19:20:23 ART


Thanks Jared for pointing me towards IPS.

Yes indeed, HTTP inspection was enabled on port 8080-8080. I just removed that
port from the Miscellaneous option in IPS and it worked.

One can die in the lab if this problem occurs to anyone

2008/7/4 Jared Scrivener <jscrivener@ipexpert.com>:

> Are you inspecting any protocols on the ASA? Is there an IDS configured
> that is inspecting protocols? What about the routers?
>
>
>
> Cheers,
>
> Jared Scrivener CCIE2 #16983 (R&S, Security), CISSP
>
> Technical Instructor - IPexpert, Inc.
>
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: jscrivener@ipexpert.com
> ------------------------------
>
> *From:* Muhammad Nasim [mailto:muhammad.nasim@gmail.com]
> *Sent:* Thursday, 3 July 2008 6:05 PM
> *To:* jscrivener@ipexpert.com
> *Cc:* security@groupstudy.com; Cisco certification; Rami Hasan; Raphael
> Kruczkowski; P R Reddy; Salem Baras; Ahmad Safiullah; Victor Lam
> *Subject:* Re: Amazing behavior of VPN Concentrator
>
>
>
> Firewall is in multiple context and tcp traffic is permitted from OUTSIDE
> to inside
>
> on inside I have PC and on outside i have VPN-Concentrator
>
> nothing is there on the firewall as I can access VPN-Conc on different
> ports
>
> really very strange I am still trying to figure it out what
>
> Any help will be appreciated
>
> 2008/7/4 Jared Scrivener <jscrivener@ipexpert.com>:
>
> I'd check your firewall first. Is it doing anything to manipulate the
> traffic flow?
>
> Cheers,
>
> Jared Scrivener CCIE2 #16983 (R&S, Security), CISSP
>
> Technical Instructor - IPexpert, Inc.
>
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: jscrivener@ipexpert.com
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Muhammad Nasim
> Sent: Thursday, 3 July 2008 5:16 PM
> To: security@groupstudy.com; Cisco certification
> Cc: Rami Hasan; Raphael Kruczkowski; P R Reddy; Salem Baras; Ahmad
> Safiullah; Victor Lam
> Subject: Amazing behavior of VPN Concentrator
>
> Dear All,
>
> I am getting strange problem in VPN Concentrator.
>
> Following are the Tasks
> 1. Allow administration of VPN concentrator on PUBLIC interface.
> 2. Disable http to https redirection (by default HTTP to https redirection
> is there on Public interface)
> 3. The administration should be port *8080*.
>
> Now I have done above tasks more than 10 times and everything worked fine
> for me. My PC from where I want to access VPN concentrator and VPN
> concentrator were in same vlan and everything worked fine.
>
> Just now I put some routers and firewall b/w VPN concentrator and PC for
> testing purpose and tried to access VPN concentrator on port *8080* GUI
> (graphical user interface). I can see the login page of VPN concentrator
> but when I entered username and password, I can NOT login to it. BUT if I
> change the port to any port other than 8080 it works and I have no issues
> to access it.
>
> My question is that why I am able to access VPN concentrator on port 8080
> when my PC and VPN-C is in same subnet (vlan) and WHY I CAN NOT ACCESS
> VPN-CON ON PORT *8080* when in b/w I have routers and firewalls.
>
> Any Ideas.
>
> Thanks
>
> --
> Muhammad Nasim
> Network Engineer
> Saudi Arabia
>
>
>
>
> --
> Muhammad Nasim
> Network Engineer
> Saudi Arabia
>

-- 
Muhammad Nasim
Network Engineer
Saudi Arabia

