IPSec over TCP
Eric.Malenfant-xNZwKgViW5gAvxtiuMwx3w at public.gmane.org
Thu Dec 1 20:23:56 UTC 2005
IPSO Only.. :)
-----Original Message-----
From: owner-tlug-lxSQFCZeNF4 at public.gmane.org [mailto:owner-tlug-lxSQFCZeNF4 at public.gmane.org] On Behalf Of ext
Ansar Mohammed
Sent: Thursday, December 01, 2005 3:22 PM
To: tlug-lxSQFCZeNF4 at public.gmane.org
Subject: RE: [TLUG]: IPSec over TCP
Hey Eric, has Checkpoint ported FW-1 to FreeBSD yet or are they still
limiting you to IPSO?
> -----Original Message-----
> From: owner-tlug-lxSQFCZeNF4 at public.gmane.org [mailto:owner-tlug-lxSQFCZeNF4 at public.gmane.org] On Behalf Of
> Eric.Malenfant-xNZwKgViW5gAvxtiuMwx3w at public.gmane.org
> Sent: December 1, 2005 1:26 PM
> To: tlug-lxSQFCZeNF4 at public.gmane.org
> Subject: RE: [TLUG]: IPSec over TCP
>
> Cisco and Check Point are the only 2 I know of as well (I am a CCSE+)
>
> tcp/500 was only created so their respective clients could communicate
> from behind NAT devices without using UDP encapsulation.
>
> Under Linux, the KAME ipsec-tools work fine, but 500/tcp is not
> supported as of yet, but NAT-T on port 4500 is, which is the real way
> to support IKE over TCP.
>
> NAT-T on port 4500 is the way to go, as I know Check Point now
> supports it, but I am currently not sure about Cisco.
>
> Eric Malenfant, NSA, CCSE+, RHCE
>
> -----Original Message-----
> From: owner-tlug-lxSQFCZeNF4 at public.gmane.org [mailto:owner-tlug-lxSQFCZeNF4 at public.gmane.org] On Behalf Of ext
> Ansar Mohammed
> Sent: Thursday, December 01, 2005 2:05 AM
> To: tlug-lxSQFCZeNF4 at public.gmane.org
> Subject: RE: [TLUG]: IPSec over TCP
>
> IPSec also uses IP Protocol 50 and 51.
> IKE uses UDP 500. Some vendors have implemented IKE over TCP 500
> (Check Point and Cisco). I don't think IKE over TCP is standard.
>
>
> > -----Original Message-----
> > From: owner-tlug-lxSQFCZeNF4 at public.gmane.org [mailto:owner-tlug-lxSQFCZeNF4 at public.gmane.org] On Behalf Of
> > Byron Sonne
> > Sent: November 30, 2005 6:24 PM
> > To: tlug-lxSQFCZeNF4 at public.gmane.org
> > Subject: [TLUG]: IPSec over TCP
> >
> > Hey Folks,
> >
> > Seems that 500/UDP is the main focus for IPSec. However, I need to
> > be able to detect IPSec running over TCP, and of all the things I've
> > played around with (gear at work running IPSec, swan, isakmpd, etc.)
> > 500/TCP never seems to be open.
> >
> > I don't need to actually have working communications and info
> > exchange between entities, etc. I'm not interested in creating a
> > viable network.
> > What I do want to get is a server setup that listens on 500/TCP for
> > IPSec stuff so I can attempt to tickle responses out of it, and I'm
> > not having any luck.
> >
> > Can anyone give me some pointers? I'd appreciate it! (or a live IP
> > listening on 500/TCP that doesn't mind some heavy probing ;)
> >
> > Regards,
> > Byron
> > --
> > The Toronto Linux Users Group. Meetings: http://tlug.ss.org
> > TLUG requests: Linux topics, No HTML, wrap text below 80 columns How
> > to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
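
Added example, not part of the thread or of any vendor's code: a passive classifier for captured UDP payloads on the IKE and NAT-T ports named above, using the standard 28-byte ISAKMP header and the RFC 3948 non-ESP marker on UDP/4500. Function names and sample packets are constructed for illustration; vendor-specific TCP/500 framing is not modelled.

```python
import struct

# ISAKMP/IKE fixed header: cookies (8+8), next payload, version,
# exchange type, flags, message ID, total length = 28 bytes.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: precedes IKE on UDP/4500

def parse_isakmp(data):
    """Return header fields if data starts with a plausible ISAKMP header."""
    if len(data) < ISAKMP_HDR.size:
        return None
    icookie, _rc, _np, ver, exch, _fl, _mid, length = ISAKMP_HDR.unpack_from(data)
    version = (ver >> 4, ver & 0x0F)
    # Initiator cookie/SPI is never zero; only IKEv1 (1.0) and IKEv2 (2.0) exist.
    if icookie == b"\x00" * 8 or version not in ((1, 0), (2, 0)):
        return None
    # Length covers the whole message (assumes the capture is not truncated).
    if length < ISAKMP_HDR.size or length > len(data):
        return None
    return {"version": "%d.%d" % version, "exchange_type": exch, "length": length}

def classify_udp(port, payload):
    """Classify one UDP payload seen on the IPsec-related port `port`."""
    if port == 500:
        hdr = parse_isakmp(payload)
        return ("ike", hdr) if hdr else ("unknown", None)
    if port == 4500:
        if payload == b"\xff":                      # NAT keepalive
            return ("nat-keepalive", None)
        if payload[:4] == NON_ESP_MARKER:           # IKE behind the marker
            hdr = parse_isakmp(payload[4:])
            return ("ike-natt", hdr) if hdr else ("unknown", None)
        if len(payload) >= 8:                       # ESP: non-zero SPI, then seq
            spi, seq = struct.unpack_from("!II", payload)
            return ("esp-in-udp", {"spi": spi, "seq": seq})
    return ("unknown", None)

def build_ike(version, exch):
    """Constructed sample: a header-only IKE message (not a real capture)."""
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 0, version, exch, 0, 0, 28)

SAMPLE_V1 = build_ike(0x10, 2)                      # IKEv1 Main Mode
SAMPLE_V2_NATT = NON_ESP_MARKER + build_ike(0x20, 34)  # IKEv2 IKE_SA_INIT
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16

if __name__ == "__main__":
    for port, pkt in ((500, SAMPLE_V1), (4500, SAMPLE_V2_NATT), (4500, SAMPLE_ESP)):
        print(port, classify_udp(port, pkt))
```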