RE: Amazing behavior of VPN Concentrator

From: Jared Scrivener (jscrivener@ipexpert.com)
Date: Thu Jul 03 2008 - 19:30:58 ART


Not a problem. I had a feeling that would be turned on somewhere.

In the security lab you can have application layer inspection enabled on the
IDS/IPS, PIX, ASA or routers. That can get really annoying, so it's worth
drawing a quick picture of the network traffic flows and checking any of
those devices if you have issues with HTTP, FTP, ICMP etc.

Cheers,

Jared Scrivener CCIE2 #16983 (R&S, Security), CISSP

Technical Instructor - IPexpert, Inc.

Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: jscrivener@ipexpert.com
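One way to do the "check each device in the path" step Jared describes with a reproducible test rather than by eye, written as an added example for this thread (it is not code from Jared, IPexpert or Cisco): a far-side listener hashes exactly what arrives and a near-side probe hashes exactly what it sent, so a mismatch, an unexpected status, or a reset/timeout on the admin port points at an in-path device inspecting that protocol. The login path and credentials are constructed placeholders, and the listener stands in for the device you cannot instrument (in the thread, the VPN Concentrator); run the listener on a host behind the suspected path and the probe from the PC side, moving the listener one hop at a time to localize the device.

```python
"""
Differential HTTP probe for locating in-path application-layer inspection.

Run start_listener() on a host at the far side of the suspected path, then run
probe() from the near side against it on the port under test (8080 in the
thread). The listener answers with a hash of the request as it arrived; the
probe compares that with a hash of what it sent. All paths, hostnames and
credentials below are constructed examples.
"""
import hashlib
import http.server
import socketserver
import threading
import urllib.error
import urllib.request

LOGIN_PATH = "/access.html"                          # constructed; not the real GUI path
LOGIN_BODY = b"username=admin&password=PLACEHOLDER"  # constructed placeholder credentials


def fingerprint(request_line: str, body: bytes) -> str:
    """Hash the parts of a login POST that inline inspection is most likely to alter."""
    return hashlib.sha256(request_line.encode() + b"\n" + body).hexdigest()


class EchoFingerprintHandler(http.server.BaseHTTPRequestHandler):
    """Far-side listener: replies with the fingerprint of the request as received."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length)
        digest = fingerprint(self.requestline, body)
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(digest)))
        self.end_headers()
        self.wfile.write(digest.encode())

    def log_message(self, format, *args):  # keep the listener quiet
        pass


class _Listener(socketserver.TCPServer):
    allow_reuse_address = True


def start_listener(host: str = "127.0.0.1", port: int = 0):
    """Start the far-side listener in a background thread; returns (server, bound_port)."""
    server = _Listener((host, port), EchoFingerprintHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def probe(host: str, port: int, path: str = LOGIN_PATH, body: bytes = LOGIN_BODY,
          timeout: float = 5.0) -> dict:
    """Send the login POST through the path and classify what came back."""
    expected = fingerprint(f"POST {path} HTTP/1.1", body)
    req = urllib.request.Request(f"http://{host}:{port}{path}", data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, seen = resp.status, resp.read().decode()
    except urllib.error.HTTPError as exc:
        # The listener never sends 4xx/5xx itself, so such a status came from the path.
        return {"verdict": "altered", "status": exc.code, "detail": "unexpected HTTP status"}
    except OSError as exc:
        # Resets and timeouts are what inspection engines typically produce on a policy hit.
        return {"verdict": "blocked", "status": None, "detail": repr(exc)}
    if seen != expected:
        return {"verdict": "altered", "status": status, "detail": "request modified in transit"}
    return {"verdict": "unaltered", "status": status, "detail": "request arrived intact"}


if __name__ == "__main__":
    # Self-test on loopback: nothing in the path, so the request must arrive intact.
    server, bound_port = start_listener()
    try:
        print(probe("127.0.0.1", bound_port))
    finally:
        server.shutdown()
        server.server_close()
```

The verdict names are deliberately coarse: "blocked" and "altered" both mean "go look at the device you just added to the path", and repeating the probe on a port that is not in the inspection policy (as Nasim did by changing ports) gives the control case.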

  _____

From: Muhammad Nasim [mailto:muhammad.nasim@gmail.com]
Sent: Thursday, 3 July 2008 6:20 PM
To: jscrivener@ipexpert.com
Cc: security@groupstudy.com; Cisco certification
Subject: Re: Amazing behavior of VPN Concentrator

Thanks Jared for pointing me towards IPS.

Yes indeed, HTTP inspection was enabled on port 8080-8080. I just removed that
port from the Miscellaneous option in the IPS and it worked.

One can die in the lab if this problem occurs to anyone.

2008/7/4 Jared Scrivener <jscrivener@ipexpert.com>:

Are you inspecting any protocols on the ASA? Is there an IDS configured that
is inspecting protocols? What about the routers?

Cheers,

Jared Scrivener CCIE2 #16983 (R&S, Security), CISSP

Technical Instructor - IPexpert, Inc.

Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: jscrivener@ipexpert.com

  _____

From: Muhammad Nasim [mailto:muhammad.nasim@gmail.com]
Sent: Thursday, 3 July 2008 6:05 PM
To: jscrivener@ipexpert.com
Cc: security@groupstudy.com; Cisco certification; Rami Hasan; Raphael
Kruczkowski; P R Reddy; Salem Baras; Ahmad Safiullah; Victor Lam
Subject: Re: Amazing behavior of VPN Concentrator

The firewall is in multiple-context mode and TCP traffic is permitted from OUTSIDE to
inside.

On the inside I have the PC and on the outside I have the VPN Concentrator.

Nothing is there on the firewall, as I can access the VPN-Conc on different ports.

Really very strange; I am still trying to figure out what it is.

Any help will be appreciated.

2008/7/4 Jared Scrivener <jscrivener@ipexpert.com>:

I'd check your firewall first. Is it doing anything to manipulate the
traffic flow?

Cheers,

Jared Scrivener CCIE2 #16983 (R&S, Security), CISSP

Technical Instructor - IPexpert, Inc.

Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: jscrivener@ipexpert.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Muhammad Nasim
Sent: Thursday, 3 July 2008 5:16 PM
To: security@groupstudy.com; Cisco certification
Cc: Rami Hasan; Raphael Kruczkowski; P R Reddy; Salem Baras; Ahmad
Safiullah; Victor Lam
Subject: Amazing behavior of VPN Concentrator

Dear All,

I am getting a strange problem with the VPN Concentrator.

Following are the tasks:
1. Allow administration of the VPN concentrator on the PUBLIC interface.
2. Disable HTTP to HTTPS redirection (by default HTTP to HTTPS redirection
is there on the Public interface).
3. The administration should be on port *8080.*

Now I have done the above tasks more than 10 times and everything worked fine
for me. My PC, from where I want to access the VPN concentrator, and the VPN
concentrator were in the same VLAN, and everything worked fine.

Just now I put some routers and a firewall between the VPN concentrator and the PC for
testing purposes and tried to access the VPN concentrator on the port
*8080* GUI (graphical user interface). I can see the login page of the VPN
concentrator, but when I entered the username and password I could NOT log in
to it. BUT if I change the port to any port other than 8080 it works and I have
no issues accessing it.

My question is: why am I able to access the VPN concentrator on port 8080
when my PC and VPN-C are in the same subnet (VLAN), and WHY CAN I NOT ACCESS
VPN-CON ON PORT *8080* when I have routers and firewalls in between?

Any ideas?

Thanks

--
Muhammad Nasim
Network Engineer
Saudi Arabia

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:53 ART