Firewall Wizards: l2tp/Ipsec and pix

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

l2tp/Ipsec and pix

From: "Jean Caron" <caronj () norac net>
Date: Fri, 14 Jan 2005 10:47:54 -0500

Hi,Is it possible to have a l2tp/ipsec tunnel go through a pix firewall?I have a win client establishing a l2tp/ipsec tunnel to a pix. Works fine.But now I need to throw another pix in to protect the client. So I'm tryingto have the tunnel go *through* this second pix.The client address needs to be NATed on the outside of this second pix.Here's part of the "debug crypto isakmp" output;

ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP (0): SA not acceptable!

ISAKMP (0): sending NOTIFY message 14 protocol 0Again, if I remove the second pix, use it's outside address on my win clientand adjust the policy's endpoints accordingly, the tunnel comes up justfine.

Jean
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

By Date By Thread

Current thread:

l2tp/Ipsec and pix Jean Caron (Jan 19)
- Per application port DMZ segments? Wes Noonan (Jan 19)
  - Re: Per application port DMZ segments? Paul D. Robertson (Jan 19)
    - RE: Per application port DMZ segments? Wes Noonan (Jan 19)
    - RE: Per application port DMZ segments? Paul D. Robertson (Jan 19)
    - RE: Per application port DMZ segments? Carson Gaspar (Jan 19)