Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Share tech news, updates, or what's on your mind.

Sign up to Post

Can loved one's or family members see my credit report if I put a security freeze on it?
0
Ransomware Attacks Keeping You Up at Night?
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Hi Sir,

Would like to ask for your help about the problem listed below,

[Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xccb797a8) not found (maybe expired)

Hoping that you can help me resolve this matter.


Thank you in advance.
0
Hi again everyone -

So sorry to be a pest. Now that I have my ASA 5505 up and running with successful Internet access by devices on my LAN, I can't seem to get my DMZ to gain internet access. Nor can I get a simple IPSec site-to-site VPN to work.  This is really frustrating as the ASA on the other side already participates in another separate site-to-site VPN (setup by me) which works just fine.

I have looked at NAT rules and access rules and can't seem to find the difference. The only thing I did differently on this VPN was try Diffe-Hellman Group 1 as group 2 settings didn't work.

Below is the sanitized config of the ASA that has a working DMZ and a working VPN as well as the non-working VPN.  I have replaced my static public IP with xx.xx.xx.xx and the peer IPs in the VPNs are vv.vv.vv.vv for the one that works and ng.ng.ng.ng for the one that doesn't work.

I will return to this post momentarily and add a comment with the running configuration of the ASA at the other site.

Thanks in advance for any help.

Result of the command: "sh run"

: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password /zzzzzzzzz encrypted
passwd zzzzzzz.zzzz encrypted
names
name 192.168.1.0 dmz_outside
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.0.0.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xx.xx.xx.xx 255.255.255.252
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 
0
I would like to understand the difference of persistent connection and keep alive. Is it only applicable to HTTP protocol? Thanks!
0
I freeze my credit report from 3 beaurues. Equifax, Transunion, Experian. I did that because some people knows my social and date of birth and I don't want they knows my new address. My question is what other agencies i can use to freeze my credit history?
0
Hello,

Trying to create a Site to Site between our TZ215 and Azure:
VNET1 - Address Space     = 10.1.0.0/16
               Subnet  range      = 10.1.0.0/24

GatewaySubnet                  = 10.1.1.0/24

Virtual Net Gateway           = VPN
                                               = Policy-based
                                               = VNET1
                                               = VNET1GWIP  (created Public IP)

Local Net Gateway             = RP_OFFICE
                                              = Public IP address of SonicWALL
                                              = 192.168.250.0/24 (LAN network on SonicWALL)

Connection                          = Site-to-Site (IPsec)
                                               = Virtual Net Gateway
                                               = RP_OFFICE
                                               = Shared key that matches what's configured in the SonicWALL

SonicWALL:
 General Tab                         = Site to Site, IKE using Preshared , IPsec Primary = Public IP of Azure, IPsec Secondary = 0.0.0.0, Local & 
                                                   Peer IKE ID = IPv4 address
Network Tab                         = LAN Subnets, Azure LAN network
Proposals Tab                       = Main Mode, Group 2, AES-256, SHA1, 28800, ESP, AES-256, SHA1, 3600
             
Seeing the following in the SonicWALL log:
  SENDING>>>> ISAKMP OAK INFO …
0
Sir,
i have establish a vpn server in windows server 2012 R2 adn its works fine but when i try to connect with the 2nd server (The DATA Server) it shows nothing. please let me know that how i can connect the server using vpn connection.

Thanks

Asad Rehman
0
How can I block a computer from accessing the internet completely. but leave open remote desktop connection so the user can only use the internet when remoted in the their work computer via remote desktop.
blocking IE will not be enough since the computer has other browsers.
Its on window 10
1
Hello Experts,

We have a web server that is suddenly not sending out e-mails.  I did not do this set up, but here is what I know:

Event IDs:

10016 Distributed Comm has been present since 5/8
2001 SMTPSVC
No usable TLS server certificate for SMTP virtual server instance '1' could be found. TLS will be disabled for this virtual-server
4006 SMTPSVC SMTP that started on 7/3



Details:

This server is a cloud server connected to our Active Directory through a IPSec VPN tunnel.  It has two network adapters, one for our internal network, one public.  Recently the hosting company looks like changed the nic settings and connection to our AD was halted because of it.  I restored it as of yesterday and Group Policy and authentication are working successfully but now these e-mails are not going out.  The developer is saying it's because of AD but I have done all checks and the server is connected successfully....so not sure if that is accurate?  

I checked IIS and SMTP and it's SMTP settings are set to go out on port 25, anonymous access, I did a DNS check under advanced delivery and it was successful,  under the outbound security tab it is set to go to our 365 support e-mail with those credentials under basic - nothing under windows authentication and TLS is checked...

Our e-mail is 365 not connected to our Active Directory.

I honestly do not see how this is a Active Directory problem and this co-worker has previously blamed network or Active directory for …
0
Hi There,

We have recently acquired a  new mail base and we need to sync the data over to our new server.
However we have encountered a problem where the passwords are encrypted.
There are 2 passwords, digest password: digestPassword = {SSHA}TWcg67eMGQn428d3dS4HbZJqytpFMkku182nLQ==
and encrypted password. I was given a key RSA-X.509 to decrypt it but unsure how to go about so.
Please could someone kindly advise as we have around 50k mailboxes to copy over.
Thanks
0
New feature and membership benefit!
LVL 9
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

I have a IPSec tunnel to a remote location. From within the network I am able to access all resources over IPSec tunnel. Users who are connecting in over Cisco's Anyconnect are unable to reach the resources over the IPSec tunnel.
0
I hear there is a bad virus spreading. Is this a Windows virus like wanna cry?

Is there anything in need to do with Mac El Capitan?

Thanks
0
Is there a way to block an entire folder including the .exe everything inside a folder from connecting to the internet? If Windows 10's Firewall can't is there another Firewall that can?
0
I know that my cipher suites are causing the issue with not being able to connect to certain sites - I'm not sure how or why but somehow it's only allow HTTP connections and is not allowing HTTPS connections (windows update can't check for updates, can only browse http websites)

I also can't connect to my IIS site as it's HTTPS as well - there are no errors in the logs

I know the cipher information is in computer\HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

What do I need to do to check/fix to allow both http and https connections on this server?

See attached photo

I've seen this issue before but cannot for the life of me remember what I need to do to resolve it

IIS 7.5 - Win Server 2008 R2
experts_exchange.PNG
0
It happens I need to keep my laptop (Windows 10 Home) powered on during night to save time for a lot of opened websites and documents I don't want to open anew each morning. But often when I resume work in the morning, the laptop is very slow when switching between the website tabs in the browser, and probably I get virus or other problems during night.

Is there any way I can protect it during nighttime, for example by turning off all ports? Otherwise, I only put it in sleep mode as it is now, but still it seems to get infected during nighttime.
0
I feel like this is a simple fix but I'm kind of tearing my hair out here.

Scenario:
Client has 2 sites A & B

Site A: remote office, no AD server on site but existing ASA 5505 with anyconnect  licenses
Site B: cloud hosted servers including AD with ASA 5585 with anyconnect licenses.

The users can connect to either, depending on what resources they need and the availability of licenses, and they both authenticate with LDAP.

Site B network:
10.10.0.0/24
ldap server 10.10.0.10

LDAP auth works fine here. No worries.

Site A network:
10.10.100.0/24
ldap server 10.10.0.10

LDAP is not working. Traffic works between these 2 networks just fine, everything is up and running, all devices can see the ldap server (windows, btw) BUT the ASA cannot connect to the 10.10.0.10 server when testing.

[-2147483634] New request Session, context 0x00007fff2a7fdfe8, reqType = Authentication
[-2147483634] Fiber started
[-2147483634] Creating LDAP context with uri=ldap://10.10.0.10:389
[-2147483634] Connect to LDAP server: ldap://10.10.0.10:389, status = Failed
[-2147483634] Unable to read rootDSE. Can't contact LDAP server.
[-2147483634] Fiber exit Tx=0 bytes Rx=0 bytes, status=-2
[-2147483634] Session End

I just can't seem to figure out why? ASA ping tests and packet trackers work fine from 10.10.100.0 to 10.10.0.10 and visa versa unless I use the source ip as the inside interface ip of the ASA itself. This seems like normal behavior?

I'm more of a …
0
Is it possible if any one knows my social security number and date of birth can pull my credit history?
0
As this is a proprietary app developed some time ago, it does not come with
an audit logging & it became an audit finding.

I'm proposing a 'video-recording' of users session to be implemented as
compensating controls.

Anyone can suggest any tool to do such video recording such that when
the thick client is executed, it will start video capturing the screen &
upon exiting the app, the recording stops & gets saved.

2 tools below was found while browsing the Net but our applications
developer retorted they're not the right products:

Apps guy: VSTS below seems to be only applicable to web applications? True or False?
https://social.msdn.microsoft.com/Forums/vstudio/en-US/5f413bcd-3b5f-4e3b-bf21-f70bd08e4408/how-to-record-a-thick-client-application-with-vsts-ultimate-2013?forum=vstest

Apps guy: JMeter works by pushing thick client traffic through JMeter proxy which detect traffic
and record it into JMeter HTTP Requests & this JMeter proxy is located out there in the Internet
& using this solution means pushing sensitive data out there into Internet.   True or false?
http://www.jmeter-archive.org/Recording-Thick-Client-td5719409.html
0
I need to do a site to site IPSec VPN with an outside vendor so they can access a server on my network. On my end I am using a Cisco RV320 Small Business VPN Router. RV320 Manual.

The vendor and I both use the same subnet 10.1.10.0. Neither of us can change our subnet.

My office is pretty small so all network devices were on the default VLAN. No other VLANS were defined.

To try to work around the subnet problem:
  • I created a second VLAN - 10.1.12.0.

  • I setup the VPN to connect to that VLAN
  • I wired the server to LAN3 on the Cisco.

  • I used Port Management > VLAN Membership and set Inter VLAN Routing to Disabled for both VLANS.
  • For VLAN1 (10.1.10.0) I set LAN1 and LAN2 to untagged / LAN3 and LAN4 to excluded
  • For VLAN2 (10.1.12.0) I set LAN1 and LAN2 to excluded / LAN3 and LAN4 to untagged
  • For VLAN2 (10.1.12.0_ I set Device Management to disabled

The outside vendor can connect, access the GUI for router (which they shouldn't be able to) but not access the server on port 80.

The way it is setup, it should connect the vendor to my network, and they should just be accessing the 10.1.12.0 subnet. The server they need to access is 10.1.12.13 (static address, the only …
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE
LVL 4
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

I have the above phone trying to VPN with a Dell SonicWall TZ400. When I put in the VPN information, listed below, the phone fails and gives me error codes that Phase 2 no response. I will list the three error codes I also see, if anyone can point me in the right direction.

SonicWALL

SonicWall VPN Settings:

Policy Type: Tunnel Interface
Authentication Method: IKE using Preshared Secret

IPsec Primary Gateway Name or Address: 0.0.0.0

IKE Authentication:

Local IKE ID: Domain Name
Peer IKE ID: Domain Name

IKE (Phase 1) Proposal:

Exchange: Aggressive Mod
DH Group: 2
Encryption: 3DES
Authentication: SHA1
Life Time: 28800

IPsec (Phase 2) Proposal:

Protocol: ESp
Encryption: 3DES
Authentication: SHA1
Enable Perfect Forward Secrecy: Checked
DH Group: 2
Life time: 28800

In advanced tab, the only thing checked is Keep Alive.

PHONE

Server: 50.XX.XX.209
IKE ID: VPNPhone
PSK: *****
IKE Parameters: DH2-3DES-SHA1
IPSEC Parameters: DH2-3DES-SHA1
VPN Start Mode: Boot

Password Type: N/A
Encapsulation: RFC
IKE Parameters: DH2-3DES-SHA1
IPSEC Parameters: DH2-3DES-SHA1

Copy TOS: No
File Srvr: Blank
QTest: Disable
Connectivity Check: Never

Errors

1/3
IKE Phase1 received notify
Error Code: 3997698:18
Module: NOTIFY:305

2/3
IKE Phase2 no response
Error code: 397700:0
Module: IKMPD:353

3/3
IKE Phase2 no response
Error code: 3997700:0
Module: IKECFG:1184
0
Any simple and good reference to explain the difference between time-based one time password and traditional OTP?  

Besides,  what are the risks and concerns of using freeware token app, e.g. FreeOTP?
0
I open up Internet Explorer or Edge on a WIN10 computer but I am not able to go to any website.

However, I am able to ping the default gateway of my home router,  ping the public DNS IP and get the DHCP address.  

What could be the reason?
0
Hi experts
 I bought UNV ip cam without NVR
I used the EZstation management software instead of the NVR but I found that application useless and very difficult to use
I need help to find another ip cam server and client application i can use for these cameras model
0
I ran a PCI test on our server and found two small issues, perhaps someone here knows how to resolve.

1. Windows specific file path was detected in the response.
WAS Result:  E:\web\favicon.ico
WAS Result:  C:\Web
Proposed solution:  The content should be reviewed to determine whether it could be masked or removed.   (I don't know how to do this)

2. The Web server can be triggered to reveal the absolute path for the Web root directory and/or other software installed on the host.
WAS Result: Some HTML code  (BlueDot Azure Server port 80/tcp)
Proposed solution: Contact the vendor of the Web server for a possible patch for this issue.  (Server is up to date)

3. SQL Error message: The scan observed an SQL-based error message while performing injection tests. However, the message only appears to indicate that a SQL statement in the web application may be corrupted; it may not be exploitable.

SQL injection enables an attacker to modify the syntax of a SQL query in order to retrieve, corrupt or delete data. This is accomplished by manipulating query criteria in a manner that affects the query's logic. The typical causes of this vulnerability are lack of input validation and insecure construction of the SQL query.

Queries created by concatenating strings with SQL syntax and user-supplied data are prone to this vulnerability. If any part of the string concatenation can be modified, then the meaning of the query can be changed.

0
I recall a few years ago that I used a program similar to Skype which allowed me to have private conversations via this tool.

There was some sort of key that I generated on my PC and emailed to the other person, which that person added to this tool. We then have "private" conversations.

Does this sound familiar to anyone? That does tool, or another, offer this today?

Thanks.
0

Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Top Experts In
Internet Protocol Security