Firewall Wizards: Re: Cisco VPN client behind a Netscreen

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: Cisco VPN client behind a Netscreen

From: Luigi Mori <lm () symbolic it>
Date: Thu, 6 Nov 2003 10:10:46 +0100

I have recently implemented a Netscreen 50 and I have users behindit that use a Cisco VPN client to connect to a Cisco Pix which Ihave no control over. Their VPN client is not functioning properly.Currently I have a policy allowing outbound traffic any from allinside. Does anyone know if I also need to create an IPSEC policyfor inbound traffic? Thanks, Aram Smith


Is the NetScreen doing some network address translation on your traffic ?
You need a NAT-T enabled IPSec to establish a tunnel trough a NAT device.
--
Luigi Mori
Network Security Manager

SYMBOLIC S.p.A.
W: http://www.symbolic.it
T: +39 0521 776180
F: +39 0521 776190
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

By Date By Thread

Current thread:

Cisco VPN client behind a Netscreen Aram Smith (Nov 05)
- Re: Cisco VPN client behind a Netscreen Ravi Kumar (Nov 06)
- Re: Cisco VPN client behind a Netscreen Luigi Mori (Nov 06)
- RE: Cisco VPN client behind a Netscreen List Account (Nov 06)
- <Possible follow-ups>
- RE: Cisco VPN client behind a Netscreen Melson, Paul (Nov 06)
  - RE: Cisco VPN client behind a Netscreen Andy Lyakhovetskiy (Nov 11)