IPSec over TCP

Eric.Malenfant-xNZwKgViW5gAvxtiuMwx3w at public.gmane.org
Thu Dec 1 18:25:48 UTC 2005


Cisco and Check Point are the only 2 I know of as well (I am a CCSE+)

tcp/500 was only created so their respective clients could communicate
from behind nat devices without using UDP encapsulation.

Under Linux, the KAME ipsec-tools work fine, but 500/tcp is not
supported as of yet, but NAT-T on port 4500 is, which is the real way
to support ike over tcp.

Nat-t on port 4500 is the way to go, as I know Check Point now supports
it, but I am currently not sure about Cisco.

Eric Malenfant, NSA, CCSE+, RHCE
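The thread is about telling IPsec traffic apart on the wire: ESP (IP protocol 50), AH (51), IKE on udp/500, NAT-T on udp/4500, and the vendor-only IKE-over-TCP on tcp/500. The following classifier is an added example for this archive page, not code from any of the posters or from ipsec-tools. It uses the public header layouts (28-byte IKE header, RFC 3948 non-ESP marker and keepalive, raw ESP/AH headers) and runs against datagrams constructed inline; the `Verdict` type, the `classify` function and the sample SPIs are my own choices, and tcp/500 is only flagged, not parsed, because the page gives no wire format for it.

```python
"""Classify IPsec-related datagrams by IP protocol, port and payload layout.

Added example for the IPsec-over-TCP thread; not code from the list or ipsec-tools.
Layouts: IKE header (28 bytes, IKEv1 and IKEv2 share it), UDP-encapsulated ESP with
the 4-byte non-ESP marker and 1-byte keepalive (RFC 3948), raw ESP (proto 50), AH (proto 51).
"""
import struct
from dataclasses import dataclass
from typing import Optional

IKE_PORT, NATT_PORT = 500, 4500
PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 6, 17, 50, 51
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # IKE inside udp/4500 is prefixed with four zero bytes
NAT_KEEPALIVE = b"\xff"                # one-byte keepalive datagram on udp/4500

# Exchange types carried in the IKE header (subset, enough to sanity-check a capture).
EXCHANGE_TYPES = {
    2: "IKEv1 main mode", 4: "IKEv1 aggressive mode", 5: "IKEv1 informational",
    32: "IKEv1 quick mode",
    34: "IKEv2 IKE_SA_INIT", 35: "IKEv2 IKE_AUTH",
    36: "IKEv2 CREATE_CHILD_SA", 37: "IKEv2 INFORMATIONAL",
}


@dataclass
class Verdict:
    kind: str                   # ike, esp, ah, esp-in-udp, nat-keepalive, ike-over-tcp, unknown
    detail: str
    spi: Optional[str] = None   # initiator SPI (IKE) or the ESP/AH SPI, as hex


def parse_ike_header(data: bytes) -> Optional[Verdict]:
    """Return a Verdict if data starts with a plausible IKE header, else None."""
    if len(data) < 28:
        return None
    spi_i, spi_r, _next, version, exch, _flags, _msg_id, length = struct.unpack(
        "!8s8sBBBBII", data[:28])
    major = version >> 4
    name = EXCHANGE_TYPES.get(exch)
    # Reject anything whose version, exchange type or length field is inconsistent:
    # this is what keeps random udp/500 noise from being reported as IKE.
    if major not in (1, 2) or name is None or not name.startswith(f"IKEv{major}"):
        return None
    if length != len(data):            # the length field must cover the whole message
        return None
    resp = "unset" if spi_r == bytes(8) else "set"
    return Verdict("ike", f"{name}, responder SPI {resp}", spi_i.hex())


def classify(proto: int, dst_port: int, payload: bytes) -> Verdict:
    if proto == PROTO_ESP:
        if len(payload) < 8:
            return Verdict("unknown", "ESP shorter than SPI+sequence")
        spi, seq = struct.unpack("!II", payload[:8])
        return Verdict("esp", f"ESP seq={seq}", f"{spi:08x}")
    if proto == PROTO_AH:
        if len(payload) < 12:
            return Verdict("unknown", "AH shorter than its fixed header")
        next_hdr, _plen, _res, spi, seq = struct.unpack("!BBHII", payload[:12])
        return Verdict("ah", f"AH next={next_hdr} seq={seq}", f"{spi:08x}")
    if proto == PROTO_UDP and dst_port == IKE_PORT:
        return parse_ike_header(payload) or Verdict("unknown", "udp/500 payload is not a valid IKE header")
    if proto == PROTO_UDP and dst_port == NATT_PORT:
        if payload == NAT_KEEPALIVE:
            return Verdict("nat-keepalive", "RFC 3948 NAT keepalive")
        if payload.startswith(NON_ESP_MARKER):
            v = parse_ike_header(payload[4:])
            if v:
                v.detail = "NAT-T " + v.detail
                return v
            return Verdict("unknown", "non-ESP marker but no valid IKE header")
        if len(payload) >= 8:
            spi, seq = struct.unpack("!II", payload[:8])
            if spi != 0:               # SPI 0 is reserved, which is what makes the marker unambiguous
                return Verdict("esp-in-udp", f"UDP-encapsulated ESP seq={seq}", f"{spi:08x}")
        return Verdict("unknown", "udp/4500 payload matches neither IKE nor ESP layout")
    if proto == PROTO_TCP and dst_port == IKE_PORT:
        return Verdict("ike-over-tcp", "tcp/500: vendor-specific IKE over TCP, not standardised; payload not parsed")
    return Verdict("unknown", f"proto {proto} port {dst_port} is not an IPsec transport")


def build_ike(spi_i: bytes, spi_r: bytes, version: int, exch: int, flags: int, body: bytes) -> bytes:
    return struct.pack("!8s8sBBBBII", spi_i, spi_r, 1, version, exch, flags, 0, 28 + len(body)) + body


# Constructed sample datagrams (not captured traffic); SPIs are arbitrary.
SAMPLES = {
    "ikev1_main_mode": (PROTO_UDP, IKE_PORT, build_ike(b"\x11" * 8, bytes(8), 0x10, 2, 0, b"\x00" * 12)),
    "ikev2_natt_init": (PROTO_UDP, NATT_PORT,
                        NON_ESP_MARKER + build_ike(b"\x22" * 8, bytes(8), 0x20, 34, 0x08, b"\x00" * 16)),
    "esp_in_udp": (PROTO_UDP, NATT_PORT, struct.pack("!II", 0x1234, 1) + b"\xaa" * 16),
    "keepalive": (PROTO_UDP, NATT_PORT, NAT_KEEPALIVE),
    "raw_esp": (PROTO_ESP, 0, struct.pack("!II", 0xDEADBEEF, 7) + b"\xbb" * 16),
    "tcp500": (PROTO_TCP, IKE_PORT, b"\x00" * 32),
}


def classify_samples() -> dict:
    return {name: classify(*args) for name, args in SAMPLES.items()}


if __name__ == "__main__":
    for name, v in classify_samples().items():
        print(f"{name:16s} {v.kind:14s} spi={v.spi} {v.detail}")
```

The length-field and exchange-type checks matter more than the port match: a responder that answers on udp/500 with arbitrary bytes is not IKE, and a scanner that keys on ports alone will misreport it. On udp/4500 the first four bytes decide everything, because an ESP SPI of zero is reserved and so can never collide with the IKE marker.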

-----Original Message-----
From: owner-tlug-lxSQFCZeNF4 at public.gmane.org [mailto:owner-tlug-lxSQFCZeNF4 at public.gmane.org] On Behalf Of ext
Ansar Mohammed
Sent: Thursday, December 01, 2005 2:05 AM
To: tlug-lxSQFCZeNF4 at public.gmane.org
Subject: RE: [TLUG]: IPSec over TCP

IPSec also uses IP Protocol 50 and 51.
IKE uses udp 500. Some vendors have implemented ike over tcp 500
(checkpoint and cisco). I don't think ike over tcp is standard.


> -----Original Message-----
> From: owner-tlug-lxSQFCZeNF4 at public.gmane.org [mailto:owner-tlug-lxSQFCZeNF4 at public.gmane.org] On Behalf Of Byron 
> Sonne
> Sent: November 30, 2005 6:24 PM
> To: tlug-lxSQFCZeNF4 at public.gmane.org
> Subject: [TLUG]: IPSec over TCP
> 
> Hey Folks,
> 
> Seems that 500/UDP is the main focus for IPSec. However, I need to be 
> able to detect IPSec running over TCP, and of all the things I've 
> played around with (gear at work running IPSec, swan, isakmpd, etc.) 
> 500/TCP never seems to be open.
> 
> I don't need to actually have working communications and info exchange
> between entities, etc. I'm not interested in creating a viable
> network.
> What I do want to get is a server setup that listens on 500/TCP for 
> IPSec stuff so I can attempt to tickle responses out of it, and I'm 
> not having any luck.
> 
> Can anyone give me some pointers? I'd appreciate it! (or a live IP 
> listening on 500/TCP that doesn't mind some heavy probing ;)
> 
> Regards,
> Byron
> --
> The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
