[ale] Dumb Question wrt ATT & IPSec

Joseph A Knapka jknapka at earthlink.net
Tue Jan 15 16:02:58 EST 2002 

Robert Heaven wrote:
> 
> I have AT&T BB with a Linux firewall (blocking all incoming tcp and udp
> 1:1024). My company makes me use a laptop with WinNT. On the laptop I
> have "Cisco VPN 3000 Client" and a certificate from Verisign. The
> company has some Cisco VPN 3000 Concentrators that I connect to.
> 
> I'm no expert but, I think it's using IPSec.

It is.

> During the initial
> connection (key exchange) it's using tcp to connect but then it changes
> to udp for all data txfer after that.
>
> By the way, if anyone know where I can find documentation, I'd love to
> get this certificate and VPN working on my Linux and/or FreeBSD boxes.

In theory, if you have the certificate, it should be possible
to get any other IPSec implementation to talk to your VPN
server. I have the same Cisco VPN client, and an OpenBSD
firewall I wanted to set up to use it, but I have not yet
succeeded, mainly due to lack of time to fiddle.

I have a friend who runs the Cisco VPN client on his NT4
box behind a Linux NAT firewall. He claims all that's
necessary is to "allow port 50 through the firewall,"
though he didn't say if it is for incoming or outgoing
connections - I assume  outgoing only, since incoming
connections would require port forwarding, and he
didn't mention that. Anyway, I haven't tried it yet, but
maybe it's worth a shot.

Cheers,

-- Joe

> -Robert
> 
> Chris Farris wrote:
> 
> >Does anyone know if AT&T Broadband filters IPSEC traffic? I can do the
> >key exchange fine, but I can't pass packets along the tunnel. My config
> >works when I test it elsewhere.....
> >
> >Anyone got an IPSEC VPN working on AT&T Broadband? PPTP?
> >
> >Chris
> >
> >PS. Your humble list admin is again subscribed to the list. I suppose if
> >you all generate enough traffic you might persuade him to finally setup
> >ale-digest like he has been meaning to do for three years now.
> >
> >
> >
> >---
> >This message has been sent through the ALE general discussion list.
> >See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> >sent to listmaster at ale dot org.
> >
> >
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.

-- 
"I should like to close this book by sticking out any part of my neck
 which is not yet exposed, and making a few predictions about how the
 problem of quantum gravity will in the end be solved."
 --- Physicist Lee Smolin, "Three Roads to Quantum Gravity"

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list