Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Share tech news, updates, or what's on your mind.

Sign up to Post

I had an attack on my site last night and I was looking in /varlog/messages and I see these entries happening every second

Feb 12 10:53:56 ip-172-31-22-236 saslauthd[2711]:                 : auth failure: [user=mara] [service=smtp] [] [mech=pam] [reason=PAM auth error]
Feb 12 10:53:56 ip-172-31-22-236 saslauthd[2713]:                 : auth failure: [user=tigers] [service=smtp] [] [mech=pam] [reason=PAM auth error]
Feb 12 10:53:56 ip-172-31-22-236 saslauthd[2710]:                 : auth failure: [user=tigers] [service=smtp] [] [mech=pam] [reason=PAM auth error]
Feb 12 10:53:58 ip-172-31-22-236 saslauthd[2716]:                 : auth failure: [user=josie] [service=smtp] [] [mech=pam] [reason=PAM auth error]
Feb 12 10:53:58 ip-172-31-22-236 saslauthd[2715]:                 : auth failure: [user=josie] [service=smtp] [] [mech=pam] [reason=PAM auth error]
Feb 12 10:54:05 ip-172-31-22-236 saslauthd[2711]:                 : auth failure: [user=stephanie] [service=smtp] [] [mech=pam] [reason=PAM auth error]
Feb 12 10:54:05 ip-172-31-22-236 saslauthd[2713]:                 : auth failure: [user=stephanie] [service=smtp] [] [mech=pam] [reason=PAM auth error]
Feb 12 10:54:11 ip-172-31-22-236 saslauthd[2710]:                 : auth failure: [user=amanda] [service=smtp] 

Open in new window

Using Telerik FiddlerCore to make our .NET website more secure

I just learned that FiddlerCore provides much of the functionality of Fiddler, but without the UI. And it seems this is a library designed to be incorporated into .NET programs.

I am looking for ways to reduce the chance that a hacker makes a successful penetration into our website, so using FiddlerCore is interesting to me.

Is this something to be including in the Release version of the website? Is so, please explain what kinds of services it could provide?

I like having advanced functionality under the covers, but only so long as it protects me while not adding some new exposure.

I'd love to hear  your thoughts...

I am having some issues with some phones and was hoping someone could hopefully point me in the right direction. I am not a phone guy by any means, so excuse any mistakes or anything that is unclear. Our past set up was as follows

Site A - Sonicwall NSA 250 M with Avaya IP Office 8.1
Site B - Sonicwall TZ 205 with 20x Avaya 9608 phones

The sites are connected via a Site to Site VPN.

A week or so ago, we swapped out Firewalls. We moved Site A's to Site B, and put a Sonicwall NSA 2600 at Site B. We did a simple export/import of configs. Even though they were different Firewall models, Sonicwall documentation said it was supported, and we haven't had any issues. Except one.

Our phones seem to experience call dropping and quality issues. We get 10x dropped calls a day, and inside IP Office I can see Quality of Service Alarms going off like crazy.

I have set up QoS and BWM on both sides of the Firewalls, I don't believe bandwidth is the issue.  It's ONLY my remote phones at Site B, which are all H.323 phones. But if someone from Site A calls Site B, there is a chance it will drop as well. Site A can call Site A all day, or externally, no issues. I played around with H323 transformations on the Sonicwall, and that actually seemed to fix the issue, but after enabling it my phones would deregister themselves after a few hours, and would not re-register.

I have set up wireshark on both ends, nothing out of the ordinary, no increase of traffic when issues comes up. …
My OS is win10 pro 64 bit.  Due to recent security hacking on my pc, I am thinking if NordVPN would provide the security preventing everyone from entry.  I have Avast Premier protection.  Or can I use ZoneAlarm or some other software.  Thank u and regards.
My OS is win 10 pro 64 bit.  My pc is a lennovo m72e.   I use Verizon DSL and the pc is connected via a modem, which has about 5 ports, allowing for ethernet connection.  Last week a hacker managed to hack into my pc.  My question is if I were to change the port which the ethernet cable is connected, can the hacker get into my pc again?  I have Avast security protection and the OS' own.  thank u
Anti-XSS Test Tool plan for Firefox

We need to support Firefox only, so I  wonder if that limitation helps me to hone my list of options, as I seek an Anti-XSS Test Tool?

I would consider at least:

and review:

plus whatever else you suggest for me to consider. So, I wonder if the fact that our site is limited to Firefox support helps us find a smaller set of AntiXSS test tools from which to choose?

Looking for a tool to test XSS Vulnerabilities on our site

I need to find a tool we can run which will enable us to help find XSS Vulnerabilities and to test our Anti-XSS fixes.

What can you suggest?

We used to use Cisco 1`941-SEC, Cisco 3945-SEC etc. for IPSEC VPN internet connections. Since then Cisco has moved over to ISR Series Cisco 4321-AX, Cisco 4331-AX etc. What is the equivalent security bundled CPE for ISR 4200 series. I hope we do not have to buy the security licenses separately.
I need a combination of best practices and a description of how the underlying exploitations of cross site scripting attacks work.

I have a domain that is spread out over 15 plus offices scattered around the globe.  All the offices have IPSec connectivity back into Corporate.  Each of the satellite offices has a domain controller onsite.   My problem is this.   When I do a nslookup from our corporate site to, or attempt to ping or resolve from corporate, I am getting routed to any of the other domain controllers and not specifically to the ones located on my site.    This is also happening on my other sites.   For example, in Australia, where I have a DC and DNS server, I get resolution to other offices when referencing the domain.    What I want is when I am in an office is for the system to resolve the domain to the local servers first and only pass  to another location should the local devices be unavailable.   We have setup this in sites and services and thought we had it, but DNS just isn't cooperating.

I had created a SITE to SITE VPN between a PFSENSE anda Sonic Wall TZ400.The VPN is up no problem. The only thing is that I cannot open ressources like folders, rdp or ping from one side to another. Anybody knows where I should look to fix this issu?

I've got single person in an office location who needs to access a lob application at site A and a different lob application at site B via RDP.

Site A and B don't need to communicate with one another.  

What would the most efficient and cost effective way to be to accomplish this, preferably using Sonicwall equipment?
We're using a Cisco RV320 at one of our locations.
It's primarily used for two Hardware VPN's using IPSec.  Tunnel 1 goes to our hosted server (which has no issues) and Tunnel 2 goes to a Rogers hosted server.

Recently, the Rogers hosted server location changed their WAN IP.  Therefore, I rebuilt Tunnel 2 to point to the new WAN IP and was able to establish the connection and the Tunnel went UP.  All remote LAN IP's and IPSec protocols remained the same, the only change was the WAN IP.

Since this change, accessing remote server resources on Tunnel 2 is intermittent.  i.e in the morning it will be inaccessible, but a few hours in the afternoon it will be accessible  During this whole time, VPN Tunnel 2 remains UP and doesn't go down, we just cannot communicate with the Remote LAN IP....

I asked the Rogers tech to change back to the old Remote WAN IP for testing.  As soon as we changed back to the old Remote WAN IP, all resources became available again.....  We then changed back to the new Remote WAN IP and server resources once again became unavailable.  During these VPN changes, I've made sure to reboot our Cisco RV320 numerous time's as well as rebuilt this tunnel.

In addition to this, we have 4 other locations with the same Cisco RV320 on the same firmware connecting to the old Remote WAN IP of the Rogers hosted server.  We briefly tested the remote WAN IP change on another router's Tunnel 2, and the same issue occurred as it did on the other one.

My …
The Sonicwall OS is 5.x. This is just the base router, no extra licenses for IPS, malware etc... I recently setup L2TP VPN for a couple users - using long and complex Pre-shared secret and each have a very long and complex password... I have been blocking obvious attempts from just IP addresses trying to access a webcam port using the info I found on how to do that - but blocking an IP address from WAN  - doesn't seem to affect efforts of a couple outsiders trying to access via L2TP - I see the failed messages from the different stages... but they keep trying - and added their IPs to my 'Blocked IPs' address object group has no effect.
I want to be able to deny them access to even try to authenticate and get them out of the logs - like blocking IP addresses.
Anyone savvy on the SonicWALL as to how to prevent attempted L2TP connections from undesired sources? Is there a way to create access rules to block from L2TP to ANY or LAN, we have the network on the X0 interface.
My understanding is there is a VPN access list on the SonicWALL - but it does not apply to L2TP.
Thank you!
Dear Experts,

mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key iocTOcioc address
crypto ipsec transform-set transet esp-3des esp-md5-hmac
 mode transport
crypto ipsec profile vpn-profile
 set transform-set transet

I have these commands but they are not recognize for the ISR 4321, are there alternate commands?
I have several Dell SonicWALL's in service but with one of them,  a TZ205 wireless-N, I can't remotely manage the Sonicwall.  I can connect to all computers at this remote location from a VPN tunnel, Site to Site.  If I connect to a PC behind that SonicWall I can then connect and manage the SonicWall.  This is an extra step that I don't want to have to deal with.

I've compared settings to my other SonicWalls's but none are the exact same model.  As far as I can tell everything is the same.

What am I missing?
I got a /23 public subnet from my provider with their gateway within that subnet x.x.91.1/23. I configured my FW with an IP address from that subnet x.x.90.1 and ping is allowed on the FW outside interface, I am trying to setup a IPSec vpn from this site back to the HQ. From HQ and my PC at home, I can ping their gateway x.x.91.1 but cannot ping  x.x.90.1. I checked in looking glass bgp table and that subnet is routable on the Internet.
They said that everything is configured correctly on their end and the issue is from my end. I am not sure I agree with them but I am not sure how to validate my argument. Thanks
I am trying to submit a form on nyc (New York City) website I get a error

You are coming from an invalid URL. Your request will not be processed. Please go to policy does not allow you to test online forms from remote servers or hard drives.

I tried IE Chrome and  Mozilla all the same results, except that in Mozilla when clicking submit I get a msg

The information you have entered on this page will be sent over an insecure connection and could be read by a third party and provides the following link

It is not related to a antivirus  program since I uninstalled all and had the same result. also tried from different locations and OS
Hey Guys,

Bit of a weird issue here.
I have a sonicwall TZ200, it is doing DHCP for the VPN users, it also does VPN for the LAN users.
This is a simple one subnet network and two interface firewall. 1 LAN and 1 WAN.

Strange thing is I have managed to get the VPN connecting for my test user, we are using global vpn client.
We are getting massive packet loss, I am pinging things on the lan and losing like 75% of packets.
Funny thing is some are going through, but all have big lag attached.

Unsure of what the issue is really yet.
My first thoughts are to do the below.
1) Use a manual IP on the virtual adapter
2) Change the version of sonicwall global vpn client

Am using a windows 10 laptop for my test user who is connecting.
We are reviewing our internet connectivity to a view of simplifying and improving performance and security.  We currently have 3 sites with Cisco routers and ASA firewalls on-premise running IPSec between them, with remote user VPNs terminating on two of them.  We are not running any additional services on the firewalls.  We also run SIP trunks into one of the offices which traverses to another.  QoS on the routers and on-premise switches.  Voice works well.
Still running many systems on prem and only have o365, no AWS/Azure yet..
We are looking at MPLS.  Would this be a better fit?  What about VPLS, SDWan or sticking with on-premise firewalls with IPsec?  
Any suggestions would be great.  
Hello All,

I found "IPsec (ESP) packet dropped" events in attempts section in Sonicwall GMS.
Can anyone help me to resolve this issue.

Yogiraj Pattani
Hello EE,

Our VPN firewall prevents ipV6 (blocks) so our Visual Studio debugger is failing to connect.
I wonder if anyone knows of a way in Visual Studio to turn off ipV6 and only use IPv4.
Does anyone know why the IPSec tunnel would show one way encapsulation? This is typically a routing issue but I checked the routing table and the remote network is there and it is send to the tunnel interface.

I am attaching the screenshot.

TLDR:  after a period of time ARP from  devices in a layer 2 connected VLAN quit registering on our SD-WAN edge device, stopping them from traversing that edge or being routed by that edge.

SD-WAN edge:  Velocloud Edge 540 (problem has persisted through numerous firmware revisions)
Cisco Stack:  1 Cisco SG500X-48 and 5 Cisco SG500X-48P’s connected loop/chain stack configuration using SFP+ fiber connectors. (also firmware updated more than once).

VC is the router/firewall SD-WAN with redundant internet connections that establishes edge to edge IPSEC tunnels and tunnel to our internet gateway.
The Cisco stack connects 10 VLAN’s to the VC but is not doing any routing or firewall activities.  The Cisco has 2 management IP interfaces in those VLANS (1 and 318), the rest are purely layer 2 connected.
Cisco interface to VC is set:
interface gigabitethernet1/1/8
 description VC-StackConnection
 switchport trunk allowed vlan add (necessary vlans)
 switchport default-vlan tagged (default-vlan being 1)

The VC is set:
Mode: Trunk
Drop Untagged

After an unspecified amount of time (2 weeks to 6 weeks) at our HQ location where the equipment is located, most or all of the devices in some of the layer 2 connected VLAN’s cannot communicate externally.   Internal communication work as expected (same broadcast domain) for the most part.   Sometimes…
I'm fairly new to VPN services so I don't really know what's happening and why.

I am trying to connect 3 remote sites to HQ by using site-to-site VPN and have managed to get 2 working.
The 3th one won't come online and I cant really figure out why, I have used the exact same config on all 3 routers (Vigor2925) for Outbound connections (except for local subnet ofcourse) and the same inboud settings for HQ router (also Vigor2925).

When I check the syslog on the remote site, it gives the following error:
[IPSEC][L2L][1:Wessem-Out][@WAN IP] IKE link timeout: state linking

On HQ I keep getting this one:
Responding to Main Mode from <WAN IP REMOTE SITE>
Accept Phase1 prorosals : ENCR OAKLEY_DES_CBC, HASH OAKLEY_MD5

Can someone maybe explain what im doing wrong??

Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Top Experts In
Internet Protocol Security