RE: VPN protocols

From: John Forristel (SunGard-Chico) (John.Forristel@sungardbi-tech.com)
Date: Wed Dec 22 2004 - 12:04:16 EST

• Next message: Chris Kuethe: "Re: VPN protocols"
• Previous message: Dan Tesch: "VPN protocols"
• Maybe in reply to: Dan Tesch: "VPN protocols"
• Next in thread: Chris Kuethe: "Re: VPN protocols"
• Reply: Chris Kuethe: "Re: VPN protocols"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

GRE and ESP are protocols, not ports, so they are transported through on
configured ports. In Cisco, you permit gre and esp through for the VPN
traffic.

In a conduit statement:

conduit permit esp any any
conduit permit esp any any

notice that there is no tcp, udp, or ip in the permit statement.

I've noticed that, on some firewalls, it is buried deep in the bowels of
the config, and has timeouts set to drop the protocol after so many
minutes.

• Next message: Chris Kuethe: "Re: VPN protocols"
• Previous message: Dan Tesch: "VPN protocols"
• Maybe in reply to: Dan Tesch: "VPN protocols"
• Next in thread: Chris Kuethe: "Re: VPN protocols"
• Reply: Chris Kuethe: "Re: VPN protocols"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:11 EDT