Solved

IPSEC through Proxy server ? possible

Posted on 2010-08-30
9
554 Views
Last Modified: 2012-05-10
I have a proxy server at work and I would like to use my own 2x IPSEC VPN routers (WRVS4400Nv2),
1x at home and 1x here at work, to be able to tunnel through the proxy. Is that possible, or does it depend on the proxy server?
If that is tricky, what other solutions do I have to get through the proxy? Thanks
Question by: Andreas-NYC
9 Comments
 
LVL 93

Expert Comment

by:John Hurst
ID: 33560496
I can't say that it will not work, but I have never seen it work. IPsec needs the actual IP at the endpoints and I do not think it will navigate through a proxy server. ... Thinkpads_User
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33560955
Nope. The basic functionality of a proxy means that it terminates the session and establishes a new connection on behalf of the client. That's the concept of the term "proxy". Since IPsec is (usually) encrypted as well as integrity checked, the in-between proxy cannot terminate and/or re-establish the traffic.

/Kvistofta
 
LVL 77

Expert Comment

by:arnold
ID: 33562180
It all depends on the configuration of the firewall behind which you will be placing the WRVS4400Nv2 router.
The IPSEC connection to be established will always have to travel from office to your home, unless other changes are made to the office firewall to route the IPSEC traffic to the WRVS4400Nv2, if it is not currently handled in the office.
internet <=> office firewall: port 500 requests go to the WAN side of the WRVS4400Nv2.

IPSEC is a port 500 UDP/TCP connection and would not go through a proxy.
Companies would likely block any outgoing IPSEC or other VPN connection from their LAN to secure their LAN.

If your home WRVS4400Nv2 does not have a static IP, or you are not using one of the dynamically tracking Dynamic DNS registration services, the IPSEC VPN connection can only be established when your work WRVS4400Nv2 is configured with the IP of the home WRVS4400Nv2,
i.e. your home WRVS4400Nv2
will be set up to accept a connection from any source with any IP/segment.

The group, encryption and the passphrase will be what limits who can connect.
Do not use aggressive mode if available; only use normal mode for key exchange.

Author Comment

by:Andreas-NYC
ID: 33563162
Thanks ...
So what other options do I have to tunnel through my work's proxy? Any? PuTTY? SSH?
 
LVL 93

Expert Comment

by:John Hurst
ID: 33563195
As we noted proxies and tunnels are not interoperable. If you can do it, get rid of the proxies. If not, consider a secondary non-proxied network for purposes of tunnels. It means a bit more expense, but it would work for you.
... Thinkpads_User
 
LVL 77

Expert Comment

by:arnold
ID: 33563574
The same exists for SSH: if you can SSH out, you can tunnel out (create a tunnel via the SSH connection). In certain circumstances some employers block outgoing encrypted connections, of which SSH is one. Check with your employer what options are available to you given what you are trying to do.
 
LVL 93

Expert Comment

by:John Hurst
ID: 33563634
@arnold - Do you have IPsec or SSH tunnels successfully running between two proxied locations?  Thank you.
.... Thinkpads_User
 
LVL 77

Accepted Solution

by: arnold (earned 500 total points)
ID: 33564314
It all depends on how the locations are proxied.
Proxy often applies to FTP, HTTP and HTTPS, where HTTPS would use the CONNECT method to establish a TCP connection, and then the client browser and the remote server negotiate terms. If you can SSH to a remote system, you can tunnel through the SSH connection (sshd on the remote side must have forwarding on).
I.e. in PuTTY you define the tunnels as local/remote, depending on the direction: local if you want to use localhost:port to connect to a system predefined on the remote side.
If you want to access the other way, you would need to define a remote port tunnel,
i.e. you establish an SSH connection to the remote side and then on the remote system have something that connects to localhost:port and comes back over the SSH tunnel.

http://www.oreillynet.com/wireless/2001/02/23/wep.html
Similar options are available in PuTTY.
http://docs.cs.byu.edu/general/ssh_tunnels.html

If the issue is important to your employer/firm, they likely block any outgoing encrypted channels, SSH/HTTPS and every other random port you might choose, given that any application/server can be configured to listen on any port.
I.e. the outgoing firewall can be configured to deny any encrypted data stream from exiting from unauthorized sources.

You should check with your employer/IT to make sure what you want to do does not clash with what they are trying to do.
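The CONNECT mechanism the accepted answer relies on, as an added example that is not part of the original thread and not code posted by any participant: a small Python stand-in for an HTTP proxy that honours only CONNECT, and only to an allow-listed destination port, together with the client half of the handshake. Everything in it is constructed for the demonstration: the proxy, its allow-list, and the two echo servers that play an sshd on a permitted port and an sshd on a refused port. It shows the two points the answer makes: once the proxy has sent `200 Connection established` it relays opaque bytes (so an SSH session, and any local/remote forward inside it, fits through), and the proxy still decides per destination port, so a server on a port the proxy refuses is unreachable regardless of what listens there.

```python
"""Added example: an HTTP CONNECT proxy with a port allow-list, and a client
that drives the handshake. All endpoints are in-process stand-ins."""
import socket
import threading


def _relay(src, dst):
    """Copy bytes src -> dst until src reaches EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _listen():
    """Bind a TCP listener on 127.0.0.1 with an ephemeral port -> (sock, port)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(8)
    return s, s.getsockname()[1]


def _serve(sock, handler):
    """Accept loop for a daemon thread; one handler thread per client."""
    while True:
        try:
            conn, _ = sock.accept()
        except OSError:
            return
        threading.Thread(target=handler, args=(conn,), daemon=True).start()


def start_echo_server():
    """Stand-in for a remote sshd: echoes whatever it receives. Returns its port."""
    sock, port = _listen()

    def handle(conn):
        with conn:
            _relay(conn, conn)

    threading.Thread(target=_serve, args=(sock, handle), daemon=True).start()
    return port


def start_connect_proxy(allowed_ports):
    """Constructed proxy: understands only CONNECT, and only to allowed_ports."""
    sock, port = _listen()

    def handle(conn):
        rfile = conn.makefile("rb")
        request_line = rfile.readline().decode("latin-1", "replace").strip()
        while rfile.readline() not in (b"\r\n", b"\n", b""):  # skip request headers
            pass
        rfile.close()  # releases the buffer only; conn stays open
        parts = request_line.split()
        if len(parts) != 3 or parts[0] != "CONNECT":
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
            conn.close()
            return
        host, _, target_port = parts[1].rpartition(":")
        # The proxy's policy decision: destination port, before any bytes flow.
        if not target_port.isdigit() or int(target_port) not in allowed_ports:
            conn.sendall(b"HTTP/1.1 403 Forbidden\r\n\r\n")
            conn.close()
            return
        try:
            upstream = socket.create_connection((host, int(target_port)))
        except OSError:
            conn.sendall(b"HTTP/1.1 502 Bad Gateway\r\n\r\n")
            conn.close()
            return
        conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
        # From here on the proxy only shuffles opaque bytes in both directions.
        threading.Thread(target=_relay, args=(conn, upstream), daemon=True).start()
        _relay(upstream, conn)
        conn.close()
        upstream.close()

    threading.Thread(target=_serve, args=(sock, handle), daemon=True).start()
    return port


def connect_via_proxy(proxy_port, target_host, target_port):
    """Client half of the handshake. Returns (http_status, tunnel_socket_or_None)."""
    s = socket.create_connection(("127.0.0.1", proxy_port))
    s.sendall((f"CONNECT {target_host}:{target_port} HTTP/1.1\r\n"
               f"Host: {target_host}:{target_port}\r\n\r\n").encode())
    resp = b""
    while b"\r\n\r\n" not in resp:
        chunk = s.recv(4096)
        if not chunk:
            break
        resp += chunk
    try:
        status = int(resp.split(b" ", 2)[1])
    except (IndexError, ValueError):
        status = 0
    if status != 200:
        s.close()
        return status, None
    return status, s


def run_demo():
    """Constructed scenario: two 'sshd' stand-ins behind one CONNECT proxy that
    allows only the first one's port."""
    reachable = start_echo_server()  # plays sshd on the port the proxy permits
    blocked = start_echo_server()    # plays sshd on a port the proxy refuses
    proxy = start_connect_proxy(allowed_ports={reachable})
    results = {}

    status, tunnel = connect_via_proxy(proxy, "127.0.0.1", reachable)
    results["allowed_status"] = status
    payload = b"SSH-2.0-ExampleClient\r\n"  # constructed SSH version banner
    tunnel.sendall(payload)
    got = b""
    while len(got) < len(payload):
        chunk = tunnel.recv(4096)
        if not chunk:
            break
        got += chunk
    tunnel.close()
    results["echo_ok"] = got == payload  # opaque bytes survived the relay

    status, tunnel = connect_via_proxy(proxy, "127.0.0.1", blocked)
    results["blocked_status"] = status   # 403: same server software, wrong port
    results["blocked_tunnel"] = tunnel
    return results


if __name__ == "__main__":
    print(run_demo())
```

In practice this handshake is done for you by PuTTY's Connection > Proxy page (proxy type HTTP) or by OpenSSH with a ProxyCommand such as `nc -X connect -x proxy:3128 %h %p` (OpenBSD-style netcat is assumed here); the local and remote tunnels the answer describes are then defined on that SSH session exactly as they would be without a proxy. IKE (UDP 500) and ESP (IP protocol 50) never reach this code path at all, since CONNECT only brokers TCP streams, which is why the IPsec routers in the question cannot use the proxy.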
 

Author Closing Comment

by:Andreas-NYC
ID: 33567540
Thank you very much for explaining and pointing me to a possible solution