Re: Amazing behavior of VPN Concentrator

From: Victor Lam (vbplyr@gmail.com)
Date: Thu Jul 03 2008 - 19:30:12 ART


What sort of firewall is sitting in between? If an ASA, have you tried
enabling HTTP or TCP inspection on 8080?

From: Muhammad Nasim
Sent: Thursday, July 03, 2008 3:05 PM
To: jscrivener@ipexpert.com
Cc: security@groupstudy.com ; Cisco certification ; Rami Hasan ; Raphael
Kruczkowski ; P R Reddy ; Salem Baras ; Ahmad Safiullah ; Victor Lam
Subject: Re: Amazing behavior of VPN Concentrator

Firewall is in multiple context and tcp traffic is permitted from OUTSIDE to
inside

On inside I have PC and on outside I have VPN-Concentrator

nothing is there on the firewall as I can access VPN-Conc on different ports

really very strange I am still trying to figure it out what

Any help will be appreciated

2008/7/4 Jared Scrivener <jscrivener@ipexpert.com>:

  I'd check your firewall first. Is it doing anything to manipulate the
  traffic flow?

  Cheers,

  Jared Scrivener CCIE2 #16983 (R&S, Security), CISSP

  Technical Instructor - IPexpert, Inc.

  Telephone: +1.810.326.1444
  Fax: +1.810.454.0130
  Mailto: jscrivener@ipexpert.com

  -----Original Message-----
  From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
  Muhammad Nasim
  Sent: Thursday, 3 July 2008 5:16 PM
  To: security@groupstudy.com; Cisco certification
  Cc: Rami Hasan; Raphael Kruczkowski; P R Reddy; Salem Baras; Ahmad
  Safiullah; Victor Lam
  Subject: Amazing behavior of VPN Concentrator

  Dear All,

  I am getting strange problem in VPN Concentrator.

  Following are the Tasks
  1. Allow administration of VPN concentrator on PUBLIC interface.
  2. Disable http to https redirection (By default HTTP to https redirection
  is there on Public interface)
  3. The administration should be port *8080.*

  Now I have done above tasks more than 10 times and everything worked fine
  for me. My PC from where I want to access VPN concentrator and VPN
  concentrator were in same vlan and everything worked fine.

  Just now I put some routers and firewall b/w VPN concentrator and PC for
  testing purpose and tried to access VPN concentrator on port
  *8080* GUI (graphical user interface). I can see the login page of VPN
  concentrator but when I entered username and password, I can NOT login to
  it. BUT if I change the port to any port other than 8080 it works and I
  have no issues to access it.

  My question is that why I am able to access VPN concentrator on port 8080
  when my PC and VPN-C is in same subnet (vlan) and WHY I CAN NOT ACCESS
  VPN-CON ON PORT *8080* when in b/w I have routers and firewalls.

  Any Ideas.

  Thanks

  --
  Muhammad Nasim
  Network Engineer
  Saudi Arabia

--
Muhammad Nasim
Network Engineer
Saudi Arabia

