RE: Nortel Contivity Client On PC Behind PIX

From: Perrymon, Josh L. (PerrymonJ@bek.com)
Date: Thu Feb 06 2003 - 11:14:23 GMT-3


Good Morning Gentlemen,

I have a question for you.

After implementing a Cisco VPN solution @ work I have found several
interesting security policies @ customer sites that require VPN access to
our network.

1) One remote site's security policy said that NO encrypted traffic was
allowed on the network. So I couldn't use client-to-peer VPN. I had to use
site-to-site and implement RSA tokens for 2nd level authentication.

2) Another location is letting me plug some users into their LAN. I wanted
to put a PIX 506 there and perform IPSEC peer-to-peer to my site. Security policy
won't let them implement any firewall behind their firewall. So I have to
use the client.

3) This is the question: Another company wants to use the Nortel client to
connect to my PIX. The guy tells me it's IPSEC standards. Has anyone done
this? Or can it be done? I don't recognize the 800x ports.

Thanks,

-Joshua Perrymon
Infosec BE&K

-----Original Message-----
From: Chuck Church [mailto:ccie8776@rochester.rr.com]
Sent: Friday, January 31, 2003 12:49 PM
To: Wright, Jeremy; security@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: Re: Nortel Contivity Client On PC Behind PIX

Jeremy,

    I did this about 18 months ago for a client. Not sure if Nortel has
changed anything, but I had:

ip nat inside source static 192.168.2.77 x.x.104.244

access-list 101 permit tcp any any range 8003 8004
access-list 101 permit udp any any range 8003 8004
access-list 101 permit udp any any eq isakmp
access-list 101 permit ahp any any
access-list 101 permit esp any any

This was on a router, but it should apply to Pix as well. It's IPSec, so
you need a static nat for the internal VPN client. I think all these access
rules were needed as well. ACL 101 is on outside interface, inbound.

Chuck Church
CCIE #8776, MCNE, MCSE

----- Original Message -----
From: "Wright, Jeremy" <wright@admworld.com>
To: <security@groupstudy.com>
Cc: <ccielab@groupstudy.com>
Sent: Friday, January 31, 2003 12:28 PM
Subject: OT: Nortel Contivity Client On PC Behind PIX

> Does anyone have a sample config that shows a PC with Nortel Contivity VPN
> software on it establishing a VPN through a PIX to an outside destination?
> (Meaning a sample of the PIX config)
>
> ************************
> Jeremy Wright
> Network Analyst
> Archer Daniels Midland
> ja_wright@admworld.com
> (217)451-4063
>
> ************************
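To make Chuck's rules concrete, here is a small model of what his configuration does to inbound traffic: a one-to-one static NAT entry for the VPN client plus ACL 101 applied inbound on the outside interface. This is an added example written for this archive page, not configuration or code from any of the posters; it parses the five access-list lines from the thread, evaluates sample packets (constructed here) against them first-match, and then applies the static mapping. The outside address 203.0.113.244 is a documentation address standing in for the "x.x.104.244" in the post.

```python
"""Model of the IPsec pass-through rules from the thread: static NAT for the
inside VPN client plus ACL 101 on the outside interface, inbound.
Addresses and packets below are constructed for illustration."""
from dataclasses import dataclass
from typing import List, Optional

# Static one-to-one mapping: outside address -> inside client (constructed
# outside address; the post shows it as x.x.104.244).
INSIDE_HOST = "192.168.2.77"
OUTSIDE_STATIC = "203.0.113.244"
STATIC_NAT = {OUTSIDE_STATIC: INSIDE_HOST}

# The access-list lines exactly as posted by Chuck Church.
ACL_101 = """
access-list 101 permit tcp any any range 8003 8004
access-list 101 permit udp any any range 8003 8004
access-list 101 permit udp any any eq isakmp
access-list 101 permit ahp any any
access-list 101 permit esp any any
"""

# IOS keyword for a well-known port used in the ACL.
WELL_KNOWN_PORTS = {"isakmp": 500}


@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp", "udp", "esp" or "ahp"
    dst: str                    # destination address as seen on the outside
    dport: Optional[int] = None # destination port; None for ESP/AH


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: str
    lo: Optional[int]           # low end of the port match, None = any port
    hi: Optional[int]


def parse_acl(text: str) -> List[Rule]:
    """Parse 'access-list N action proto any any [eq P | range A B]' lines."""
    rules = []
    for line in text.strip().splitlines():
        _kw, _num, action, proto, _src, _dst, *port = line.split()
        lo = hi = None
        if port and port[0] == "eq":
            lo = hi = WELL_KNOWN_PORTS.get(port[1]) or int(port[1])
        elif port and port[0] == "range":
            lo, hi = int(port[1]), int(port[2])
        rules.append(Rule(action, proto, lo, hi))
    return rules


def acl_permits(rules: List[Rule], pkt: Packet) -> bool:
    """First matching entry decides; an ACL ends with an implicit deny."""
    for r in rules:
        if r.proto != pkt.proto:
            continue
        if r.lo is not None and (pkt.dport is None or not r.lo <= pkt.dport <= r.hi):
            continue
        return r.action == "permit"
    return False


def inbound_result(rules: List[Rule], pkt: Packet) -> Optional[str]:
    """Inside host the packet is delivered to, or None if it is dropped.
    ESP and AH carry no port numbers, so only the static 1:1 mapping can
    tell the firewall which inside host they belong to."""
    if not acl_permits(rules, pkt):
        return None
    return STATIC_NAT.get(pkt.dst)


if __name__ == "__main__":
    rules = parse_acl(ACL_101)
    samples = [
        Packet("udp", OUTSIDE_STATIC, 500),    # ISAKMP to the client
        Packet("esp", OUTSIDE_STATIC),         # IPsec data to the client
        Packet("tcp", OUTSIDE_STATIC, 8004),   # Contivity 800x control port
        Packet("tcp", OUTSIDE_STATIC, 8005),   # outside the permitted range
        Packet("esp", "203.0.113.9"),          # ESP to an address with no static NAT
    ]
    for p in samples:
        print(p, "->", inbound_result(rules, p))
```

Running it shows why both halves of Chuck's answer are needed: the ACL alone lets ESP, AH, ISAKMP and the 8003-8004 ports in, but an ESP packet arriving for an address without a static entry still has nowhere to go, because there is no port for a PAT table to key on.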



This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:12 GMT-3