IPSEC through proxy server? Possible?

Posted on 2010-08-30
564 Views
Last Modified: 2012-05-10
I have a proxy server at work and I would like to use my own two IPSEC VPN routers (WRVS4400Nv2), one at home and one here at work, to be able to tunnel through the proxy. Is that possible? Or does it depend on the proxy server?
If that is tricky, what other solutions do I have to get through the proxy? Thanks
Question by:Andreas-NYC
9 Comments
LVL 97

Expert Comment

by:Experienced Member
ID: 33560496
I can't say that it will not work, but I have never seen it work. IPsec needs the actual IP at the end points and I do not think it will navigate through a proxy server. ... Thinkpads_User
LVL 17

Expert Comment

by:Kvistofta
ID: 33560955
Nope. The basic functionality of a proxy means that it terminates the session and establishes a new connection on behalf of the client. That's the concept of the term "proxy". Since IPsec is (usually) encrypted as well as integrity checked, the in-between proxy cannot terminate and/or re-establish the traffic.

/Kvistofta
LVL 79

Expert Comment

by:arnold
ID: 33562180
It all depends on the configuration of the firewall behind which you will be placing the WRVS4400Nv2 router.
The IPSEC connection to be established will always have to travel from office to your home, unless other changes are made to the office firewall to route the IPSEC traffic (if it is not currently handled in the office) to the WRVS4400Nv2:
internet <=> office firewall: port 500 requests go to the WAN side of the WRVS4400Nv2.

An IPSEC connection is a port 500 UDP/TCP connection and would not go through a proxy.
Companies would likely block any outgoing IPSEC or other VPN connection from their LAN to secure their LAN.

If your home WRVS4400Nv2 does not have a static IP, or you are not using one of the dynamically tracking Dynamic DNS registration services, the IPSEC VPN connection would only be established when your work WRVS4400Nv2 is configured with the IP of the home WRVS4400Nv2, i.e. your home WRVS4400Nv2 will be set up to accept a connection from any source with any IP/segment.

The group, encryption and the passphrase will be what limits who can connect.
Do not use aggressive mode if available; only use normal (main) mode for key exchange.
Author Comment

by:Andreas-NYC
ID: 33563162
Thanks ...
So what other options do I have to tunnel through my work's proxy? Any? PuTTY? SSH?
LVL 97

Expert Comment

by:Experienced Member
ID: 33563195
As we noted proxies and tunnels are not interoperable. If you can do it, get rid of the proxies. If not, consider a secondary non-proxied network for purposes of tunnels. It means a bit more expense, but it would work for you.
... Thinkpads_User
LVL 79

Expert Comment

by:arnold
ID: 33563574
The same exists for SSH: if you can SSH out, you can tunnel out (create a tunnel via the SSH connection). In certain circumstances some employers block outgoing encrypted connections, of which SSH is one. Check with your employer what options are available to you given what you are trying to do.
LVL 97

Expert Comment

by:Experienced Member
ID: 33563634
@arnold - Do you have IPsec or SSH tunnels successfully running between two proxied locations?  Thank you.
.... Thinkpads_User
LVL 79

Accepted Solution

by: arnold (earned 2000 total points)
ID: 33564314
It all depends on how the locations are proxied.
Proxy often applies to FTP, HTTP and HTTPS, where HTTPS would use the CONNECT method to establish a TCP connection, after which the client browser and the remote server negotiate terms. If you can SSH to a remote system, you can tunnel through the SSH connection (sshd on the remote side must have forwarding on).
I.e. in PuTTY you define the tunnels as local or remote depending on the direction: local if you want to use localhost:port to connect to a system predefined on the remote side.
If you want to access the other way, you would need to define a remote port tunnel,
i.e. you establish an SSH connection to the remote side and then on the remote system have something that connects to localhost:port and comes back over the SSH tunnel.

http://www.oreillynet.com/wireless/2001/02/23/wep.html
Similar options are available in PuTTY.
http://docs.cs.byu.edu/general/ssh_tunnels.html

If the issue is important to your employer/firm, they likely block any outgoing encrypted channels (SSH/HTTPS) and every other random port you might choose, given that any application/server can be configured to listen on any port.
I.e. the outgoing firewall can be configured to deny any encrypted data stream from exiting from unauthorized sources.

You should check with your employer/IT to make sure what you want to do does not clash with what they are trying to do.
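The CONNECT method arnold mentions is the whole reason "SSH through an HTTP proxy" can work at all: the client asks the proxy for a raw TCP relay to host:port, and if the proxy answers 200 it copies bytes in both directions without looking at them, so an SSH session (and anything forwarded over it) fits inside. Whether that tunnel ever comes up is decided by the proxy's port policy, not by SSH. The following is an added example, not code from this thread or from any proxy or router product: a toy CONNECT proxy with a destination-port allowlist, an echo listener standing in for the remote sshd, and the client-side handshake that tools such as corkscrew or OpenSSH's ProxyCommand perform. The listening ports are picked by the OS on 127.0.0.1, the SSH banner is a constructed sample, and the Basic credential format is an assumption about a typical authenticating proxy.

```python
from __future__ import annotations

import base64
import contextlib
import socket
import threading


def build_connect_request(host: str, port: int, proxy_auth: str | None = None) -> bytes:
    """The request an HTTPS-capable proxy expects before it opens a raw TCP relay."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if proxy_auth:  # assumed "user:password" -> Proxy-Authorization: Basic <base64>
        lines.append("Proxy-Authorization: Basic " + base64.b64encode(proxy_auth.encode()).decode())
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def read_http_head(sock: socket.socket) -> tuple[str, bytes]:
    """Read up to the blank line that ends the header block; return (head, bytes after it)."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the connection mid-handshake")
        buf += chunk
    head, _, rest = buf.partition(b"\r\n\r\n")
    return head.decode("iso-8859-1"), rest


def connect_through_proxy(proxy: tuple[str, int], dest: tuple[str, int],
                          proxy_auth: str | None = None) -> tuple[socket.socket, bytes]:
    """Client side: send CONNECT, require a 2xx, then hand the socket back as a raw tunnel."""
    sock = socket.create_connection(proxy, timeout=5.0)
    sock.sendall(build_connect_request(dest[0], dest[1], proxy_auth))
    head, leftover = read_http_head(sock)
    status = int(head.split(" ", 2)[1])
    if not 200 <= status < 300:
        sock.close()
        raise ConnectionError(f"proxy refused CONNECT to {dest[0]}:{dest[1]}: {head.splitlines()[0]}")
    return sock, leftover  # leftover: remote bytes (e.g. an SSH banner) packed behind the 200


def _relay(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until EOF, then half-close the far side; nothing is parsed."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    finally:
        with contextlib.suppress(OSError):
            dst.shutdown(socket.SHUT_WR)


def serve_one_connect(listener: socket.socket, allowed_ports: set[int]) -> None:
    """Toy proxy: one client, CONNECT only to allowed_ports (corporate proxies usually allow 443)."""
    client, _ = listener.accept()
    head, leftover = read_http_head(client)
    method, target, _ = head.split("\r\n", 1)[0].split(" ", 2)
    host, _, port = target.rpartition(":")
    if method != "CONNECT" or not port.isdigit() or int(port) not in allowed_ports:
        client.sendall(b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n")
        client.close()
        return
    upstream = socket.create_connection((host, int(port)), timeout=5.0)
    client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    if leftover:  # client bytes pipelined behind the CONNECT already belong to the tunnel
        upstream.sendall(leftover)
    for pair in ((client, upstream), (upstream, client)):
        threading.Thread(target=_relay, args=pair, daemon=True).start()


def serve_one_echo(listener: socket.socket) -> None:
    """Stand-in for the remote service (think sshd): echo until the peer half-closes."""
    conn, _ = listener.accept()
    with conn:
        while chunk := conn.recv(4096):
            conn.sendall(chunk)


def _listener() -> socket.socket:
    srv = socket.socket()
    srv.settimeout(5.0)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port for the demo
    srv.listen(1)
    return srv


def demo() -> dict:
    """Both outcomes from the thread: a port the proxy allows, and one it refuses."""
    echo = _listener()
    echo_port = echo.getsockname()[1]
    threading.Thread(target=serve_one_echo, args=(echo,), daemon=True).start()
    banner = b"SSH-2.0-OpenSSH_9.6\r\n"  # constructed: the first thing an SSH client sends
    proxy_ok = _listener()  # allowlist covers the echo port: tunnel comes up, bytes pass untouched
    threading.Thread(target=serve_one_connect, args=(proxy_ok, {echo_port}), daemon=True).start()
    tunnel, echoed = connect_through_proxy(proxy_ok.getsockname(), ("127.0.0.1", echo_port))
    tunnel.sendall(banner)
    while len(echoed) < len(banner) and (chunk := tunnel.recv(4096)):
        echoed += chunk
    tunnel.close()
    proxy_443 = _listener()  # allowlist is {443} only: refused before any payload is relayed
    threading.Thread(target=serve_one_connect, args=(proxy_443, {443}), daemon=True).start()
    try:
        connect_through_proxy(proxy_443.getsockname(), ("127.0.0.1", echo_port))
        refused = False
    except ConnectionError:
        refused = True
    return {"echoed": echoed, "refused": refused}
```

In practice you do not write the handshake yourself: OpenSSH's ProxyCommand (for example `ssh -o ProxyCommand="nc -X connect -x proxy.example:3128 %h %p" user@home-host`, with the proxy name assumed here) or corkscrew performs exactly this exchange and hands the relayed socket to ssh; the `-L` and `-R` options then give the local and remote port forwards arnold describes, as long as the remote sshd_config does not set `AllowTcpForwarding no`. The second scenario in `demo()` is the usual failure: a proxy whose allowlist stops at 443 answers 403 to a CONNECT for port 22 before a single SSH byte is sent, and every CONNECT target is visible in the proxy's logs whether or not it is allowed.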

Author Closing Comment

by:Andreas-NYC
ID: 33567540
Thank you very much for explaining and pointing me to a possible solution.