Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.


I have a load balancer with a public VIP. The partner can only get the site if they ignore that they perceive the site as unsafe.
I'm fairly certain my cert is valid because other VIPs use it. What are some reasons a client might not trust the cert? Brainstorming question.
0

My son's computer keeps having internet connection issues.

-Is playing on a Minecraft server / Minecraft client

Sometimes these apps are also open
-Twitch
-Discord

He is playing on a Minecraft server and begins to experience lag more and more frequently before the crash.
Is there any way to track down the culprit? We could assume that it is not enough RAM and go buy more RAM, and then the problem happens again and we are no better off.

I am looking for a way to gather information that can help tell us what thing(s) is causing the problem(s).

sys info 2systxt.txt
0
I have a main office running OpenVPN on Untangle v9.4 (I know, but they don't want to spend the money to upgrade and reconnect all of the offices). The remote offices are all on different subnets, and I have no problem reaching the main office by IP address or hostname from the remote office computers. From the main office, I am unable to ping or communicate with any of the remote offices. There are no issues with the main office connecting to the internet, but I am unable to communicate with the connected networks. The OpenVPN connectivity at each office is using a Ubiquiti EdgeRouter-X with the config file imported, and I use my laptop to support the various offices via a software client OpenVPN connection. When I connect to the OpenVPN server at the main office using my laptop, I am able to ping, use RDP, whatever; I can even use NSLOOKUP from the DC in the main office as the server and get the IP addresses for the systems in the remote offices. Trying to run a tracert from the CLI on the DC server in the main office gives me a first hop that is the LAN address of the Untangle box, but it times out on every other hop. This looks like a route issue to me, but I haven't been able to add a static route in any form that allows me to communicate with the remote networks. Help!
0
Hello,

Our messaging system shows a few unusual user logins from Ikorodu, Lagos in Nigeria.

Is there any good website, or is it possible, to list the networks being used in Ikorodu, Lagos instead of the entire Nigeria?

Please advise.
0
hi everyone,

I am facing problems configuring my domain users' internet permissions. I have used hosts files, but that is not enough for me. What is the suitable thing for configuring URLs?

What about firewalls? What is the best firewall for filtering URLs...


Looking forward to a reply, urgent.


thanks
Asad
IT student
0
Hi, I connected two ASA 5505s with a crossover cable to learn site-to-site VPN. I have these configs for both, but it is just not working; there is no activity on the outside interfaces. I have tested each ASA 5505 connected to my home LAN with internet access to make sure the interfaces are working. Thanks!


ASA Version 8.2(5)
!
hostname asa-a
domain-name asa-a.domain
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.1.1.1 255.255.255.0
!
ftp mode passive
dns server-group DefaultDNS
 domain-name asa-a.domain
access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn …
0
Hi all,

I need assistance in deploying some config changes on an IKEv2 site-to-site IPsec VPN on a Cisco router. The VPN is currently set up with IPv4 addresses, i.e. the peer IP and identity addresses are IPv4. I have been requested to change the remote IPv4 peer IP to an FQDN, i.e. ipsec.abc.com. Should I just change the remote IP to the FQDN wherever it pops up? Or are there any other changes that need to be made in order to support this change? On my side we will continue to use an IPv4 address.
If you have a template I can follow, that would be awesome.
Thanks and kind regards.
0
Hi

I'm trying to establish an IPsec VPN from my firewall to another vendor at a remote site.

The tunnel is not coming up. The remote vendor says they allowed UDP ports 500 and 4500.

But I suspect there is some issue at their end with opening the ports above.

1. How do I confirm that UDP ports 500 and 4500 are open at their end? I tried using PortQry and it seems not accurate.
It says the port is open for any port I scan. How do I verify whether port 500 or 4500 is open or closed at their end?

2. Another thing: when the VPN is not coming up, I want to run some debugs on the Cisco ASA.
Last time, when I set up an IPsec tunnel on a Fortigate firewall, based on the debug I could see where it was failing, Phase 1 or Phase 2.
On a Cisco ASA, which debug commands will tell me where it is failing, and how do I see whether traffic is coming in from the remote end or not?

Thanks
0
Hi

Where can I get the IPsec information? Is it in the router or the firewall?
0
Good day guys,
I have two Fortigates, one in the HQ and the other one in a branch.
In the first stage I have WAN 1 and WAN 2 on both sides (a specified link and ADSL for internet).
After that I made WAN 3 (ADSL also) on the HQ Fortigate and I made an IPsec VPN between the two sides.
The problem is that ADSL 1 on WAN 1 and ADSL 2 on WAN 3 on the HQ Fortigate don't work when the gateway IP is different, knowing that the two ADSL addresses are found in the same range of my ISP.
If the two addresses have the same gateway IP address, it works very well.
Really, I found that peculiar.
Fortigate 60E
version 5.6.2
0

I have an ASA 5510 and I have the management port configured with 192.168.2.1/24. I configured my computer to 192.168.2.6/24 with default gateway 192.168.2.1, and I cannot get into the ASA.


ciscoasa# sh run
: Saved
:
ASA Version 9.1(1)
!
hostname ciscoasa
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
ftp mode passive
pager lines 24
logging enable
logging timestamp
logging console critical
logging monitor critical
logging asdm informational
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-716.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout …
0
I'm having difficulties setting up a new site-to-site VPN to two other sites. I currently have a site-to-site working from the 128.0 to the 2.0 networks. I have a new site from which I'm trying to configure a site-to-site VPN to the other two sites through the VPN wizard, and they aren't connecting. I went through the ASDM site-to-site VPN wizard and it worked for the first one, but it doesn't for the new site to the others. I have included the configs below.

192.168.1.0 NETWORK
:
ASA Version 9.1(6)
!
hostname ciscoasa
enable password OlOxQ1nyrZ49h6MK encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 104.201.x.x 255.255.255.252
!
ftp mode passive
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network EMAIL
 host 192.168.1.253
 description Woodchuck
object network Webserver
 host 192.168.1.254
 description ETIMAIN
object network cl
 subnet 192.168.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0
object network SC
 subnet 172.172.128.0 255.255.255.0
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list…
0
Hi,

I have 2 Windows Server 2008 R2 machines which are going to be promoted as domain controllers. Both of the servers are located in different locations.

Server-A, which is at location A, is using a subnet that is routable across their network from various offices, but Server-B is set up behind a private LAN which requires NAT to be configured in order to communicate with Server-A.

We proposed to use Windows IPsec for these 2 servers to communicate for AD traffic.

I set up the environment in our lab; the IPsec works if no NAT is configured in between. However, if I turn on NAT at one of the sites, Server-A can't ping Server-B via its real or NATed IP.

Server-B is able to ping Server-A's real IP.

I tried the steps from this article, https://it.cornell.edu/managed-servers/secure-windows-traffic-ipsec, but no luck still.

I'd appreciate it if any experts have come across this before.

thanks
0
Hello;

I am facing an issue where my Cisco ASR 1002-X keeps rebooting itself at random times. When I run show version, I can see the reason for reload is: critical process fault, fman_fp_image, fp_0_0, rc=139

On my syslog server, i keep getting this error: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:171 TS:00000041045846946120 %IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error,

I don't know if that could be the reason for my router reloading or if it's an IOS bug; I am running asr1002x-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin.

Your help will be highly appreciated.
0
Good morning everyone. Let me describe my environment: I have DA set up on Server 2016, running on 2 servers and load-balanced on a Kemp. NLS servers are on dedicated, clustered servers as well. DirectAccess seems to be running OK, but every day I get a random user calling with the same issue as the others.

Scenario: Users are outside the network connected through DA. Their DA connection will drop and I will get these errors in the event log of the DA server they are connected to (events attached): "An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted." and "An IPsec main mode negotiation failed." Then DirectAccess will be stuck in the connecting status. The user then simply shuts down and calls it a night. When they come into the office the next morning, they log into the network, but their computer's network domain is on public or private and not on ourdomain.local. The only way to fix it is to pull out the DA registry keys and reboot, although this is not a good or safe solution. I have verified the NLS servers are up and accessible. And again, it doesn't happen to everyone, only about 1 out of every 5 users.

What would make the local computers come up on the public or private network right at bootup?

Any help would be GREATLY appreciated!
1.txt
2.txt
0
I am troubleshooting a connection issue for two sites connected over an IPsec L2L tunnel. It's occasional; TCP traffic conversations age out. Is there a way to see when the tunnel went down or up in the previous 24 hours?
0
I am creating a site-to-site IPsec VPN tunnel with a Cisco ASA 5506-X and a 5555. Now I am keeping the 5506-X firewall in the DMZ. Can I keep the outside interface and inside interface IPs of the 5506-X in the same subnet?
0
We currently use OpenVPN, as well as L2TP over IPsec VPN, on our Linux servers (CentOS 6.x mostly). Both VPN servers are running properly. However, while each of the physical servers has several IPs assigned to it, the VPN is always able to run on one IP address only.

What we need:

A user connects to our server (either via OpenVPN or via L2TP over IPsec VPN), and the server picks a random server IP address instead of just one for all users.

Basically, what we need is a server side IP address rotation for the VPN.
0
There is an IPsec tunnel from an SRX240H2 to a Sophos UTM 9.

The tunnel is up most of the time but occasionally goes down. And I wonder if the following could be related to the problem.

When the Sophos appliance sends this (from capture on the SRX):

Frame 10273: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits)
Juniper Ethernet
Ethernet II, Src: Cisco_xx.xx.xx (30:e4:db:xx.xx.xx), Dst: Netscreen_xx.xx.xx (00:10:db:xx.xx.xx)
Internet Protocol Version 4, Src: 2.2.2.2, Dst: 1.1.1.1
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 284
    Identification: 0xffe2 (65506)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 57
    Protocol: UDP (17)
    Header checksum: 0x15b1 [validation disabled]
    [Header checksum status: Unverified]
    Source: 2.2.2.2
    Destination: 1.1.1.1
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 500, Dst Port: 500
Internet Security Association and Key Management Protocol
    Initiator SPI: 91ee52a313c081d6
    Responder SPI: 0000000000000000
    Next payload:…
0

So I've been tasked with creating an IPsec VPN using a Cisco RV325. I've followed several guides to get this set up and, as it currently stands, I've managed to create the tunnel, connect and authenticate to the VPN successfully using the ShrewSoft VPN Client. However, once connected with either the IPsec VPN or the EasyVPN, I am able to ping the internal address of the router, but unable to ping any other device on the remote LAN. I've made sure firewalls are turned off for testing purposes just to ensure the packets aren't being blocked. I've also tried RDP connections to devices with no joy.

Interestingly, when I tried using the PPTP VPN through the RV325 (using windows 'connect to a network') I'm able to ping everything and remote access servers etc.

I've noticed that the RV325 will give you a virtual IP address range (which the VPN client is picking up) although it seems like there's no kind of address translation or routing to the subnet I need to get to. My remote LAN uses 172.16.8.x/24, the virtual addresses use 172.16.9.x/24.

Please let me know if any log files, config files or screenshots of anything would be of any troubleshooting help and I'll get them posted. Any ideas welcome!

Many thanks in advance,
Luke
0
Hey guys,

I'm troubleshooting a very interesting issue... we have a branch connected over IPsec (set up on Mikrotik)... everything works pretty much fine except network drives... when users want to open one it takes a very long time to open, approx. 5 mins... if they connect over VPN everything is fine. Any ideas? We use 3DES encryption for IPsec.

Thank you very much!!

Regards

Jiri
0
Hi All,
We have a Draytek 2960 set up with a teleworker dial-in connection using L2TP over IPsec, and it works perfectly for all users apart from those using HP EliteBooks! The connection always fails with an Error 809, even though we can connect with the same details using another laptop from the same remote office.
We've even installed the Draytek VPN client, but that fails with an unknown error. I have switched off the antivirus and the firewall and this doesn't help.
Has anyone got any ideas?
0
I have a laptop that can connect to wireless and wired networks (detected) but has no internet (unidentified).

When setting static to the network, detects network name but no internet.

Cannot manually start the service.

Also cannot navigate to 127.0.0.1 or localhost - access denied.

I have scanned for malware, checked that everything is set to DHCP, re-installed the NIC driver, and reset using netsh int ip reset, netsh int tcp reset, netsh winsock reset.

MiniToolBox showed an error saying an attempt was made to access a socket in a way forbidden by its access permissions.

Any help would be greatly appreciated
0
Hi,
 
I have a Windows 2016 Hyper-V server box that came with two network cards. The first NIC is connected to the internal LAN (192.168.1.x) and the 2nd NIC is connected directly to the ISP internet modem (therefore, it receives a dynamic public IP address given by the ISP DHCP server). On the 2nd NIC, I intend to create a virtual machine ("TESTVM") where I would like to try to open some suspicious email attachments or click on website links (to find out whether they are malicious). I have installed Malwarebytes Anti-Exploit/Anti-Malware/Ransomware on this VM and it sends me email alerts whenever it detects "suspicious" activity.
I plan on connecting to this VM through a remote desktop connection program (port 3389, 3390, etc.) using Dynamic DNS.
Having said that, I know a lot of experts would go against the idea of exposing the server to the public internet.

I know that I could put another router (192.168.2.x) between the 2nd NIC and the ISP internet modem to enhance security, but what I would like to know is how vulnerable am I as it is?
How could hackers penetrate this server when the only account is "administrator" with a secure password?

Thank you for your insight.
0
Hi, so this used to work, so I am baffled at the moment. Let's say the networks are as below. 2 Cisco ASAs: a 5501 on one side, a 5510 on the other.

TUNNEL IS UP:
VLAN location 1: X.X.20.0 /24
VLAN location 2: X.X.30.0 /24

I see on both ASDMs the ICMP packets being transmitted; "built" never says fail, but it does not ping on local clients.
If I do a traceroute from the 5505, it at least goes out a few hops.
But if I go to the 5510, I get zero hops, as if it's not leaving the ASA at all.

I see network objects defined for both, and I have static routes defined for both.

Anything I am missing? Without me pasting my config, I mean; just anything very obvious?? TY ALL
0