EasyVPN and TCP ports

Hey people,

You have another problem with EasyVPN that requires assistance.

Or actually, not so much a problem as a wish.

I saw that easyVPN is able to send the VPN on TCP traffic.

You can also specify the port to use.

vpnclient ipsec-over-tcp port 

Now it would be really great if it would be possible to set up the tunnel over a standard port
that is open on most firewalls: 443

Unfortunately, when I do this:

vpnclient ipsec-over-tcp port 443

The tunnel is gone and won't set itself back up.

Is it possible to do this, and send it over 443 or another standard port?

The errors/messages in the EasyVPN server log:

Built inbound TCP connection 625 for outside:10.1.0.2/1075 (10.1.0.2/1075) to identity:10.0.0.1/443 (10.0.0.1/443)

Teardown TCP connection 625 for outside:10.1.0.2/1075 to identity:10.0.0.1/443 duration 0:00:08 bytes 0 TCP Reset-O

Any ideas on this?

Unfortunately I can't use any of the well-known ports, i.e. anything below port 1024.
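As an added example (not part of the original post), here is a small Python parser for the two server log messages quoted above. It pairs "Built" and "Teardown" messages by connection ID and flags connections to the IPsec-over-TCP port that were torn down by a reset having carried zero bytes, which is what a tunnel that never comes up looks like from the server side. Connection 626 and its byte count are constructed sample data, not from the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Connection build-up / teardown messages in the format the EasyVPN server logs them.
BUILT_RE = re.compile(
    r"Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) for "
    r"(?P<src_if>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) \([^)]*\) to "
    r"(?P<dst_if>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) \([^)]*\)"
)
TEARDOWN_RE = re.compile(
    r"Teardown TCP connection (?P<id>\d+) for "
    r"(?P<src_if>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"duration (?P<h>\d+):(?P<m>\d+):(?P<s>\d+) bytes (?P<bytes>\d+) (?P<reason>.+)$"
)


@dataclass
class Flow:
    conn_id: int
    src: str                        # "ip/port" of the initiating side
    dst: str                        # "ip/port" on the server side
    dst_port: int
    duration_s: Optional[int] = None
    bytes: Optional[int] = None
    reason: Optional[str] = None    # teardown reason, e.g. "TCP FINs", "TCP Reset-O"


def parse_log(lines: Iterable[str]) -> Dict[int, Flow]:
    """Pair Built/Teardown messages by connection ID into Flow records."""
    flows: Dict[int, Flow] = {}
    for line in lines:
        m = BUILT_RE.search(line)
        if m:
            cid = int(m["id"])
            flows[cid] = Flow(cid, f"{m['src_ip']}/{m['src_port']}",
                              f"{m['dst_ip']}/{m['dst_port']}", int(m["dst_port"]))
            continue
        m = TEARDOWN_RE.search(line)
        if m:
            cid = int(m["id"])
            # A teardown without a matching build-up (log rotated) still yields a record.
            flow = flows.setdefault(cid, Flow(cid, f"{m['src_ip']}/{m['src_port']}",
                                              f"{m['dst_ip']}/{m['dst_port']}", int(m["dst_port"])))
            flow.duration_s = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
            flow.bytes = int(m["bytes"])
            flow.reason = m["reason"].strip()
    return flows


def failed_tunnel_attempts(flows: Dict[int, Flow], tcp_port: int = 443) -> List[Flow]:
    """Connections to the IPsec-over-TCP port that were reset with zero bytes transferred."""
    return [f for f in flows.values()
            if f.dst_port == tcp_port and f.bytes == 0
            and (f.reason or "").startswith("TCP Reset")]


# Constructed sample: the two lines from the post plus one healthy connection (626).
SAMPLE_LOG = [
    "Built inbound TCP connection 625 for outside:10.1.0.2/1075 (10.1.0.2/1075) "
    "to identity:10.0.0.1/443 (10.0.0.1/443)",
    "Teardown TCP connection 625 for outside:10.1.0.2/1075 to identity:10.0.0.1/443 "
    "duration 0:00:08 bytes 0 TCP Reset-O",
    "Built inbound TCP connection 626 for outside:10.1.0.2/1076 (10.1.0.2/1076) "
    "to identity:10.0.0.1/443 (10.0.0.1/443)",
    "Teardown TCP connection 626 for outside:10.1.0.2/1076 to identity:10.0.0.1/443 "
    "duration 0:12:31 bytes 4096 TCP FINs",
]

if __name__ == "__main__":
    flows = parse_log(SAMPLE_LOG)
    for f in failed_tunnel_attempts(flows):
        print(f"conn {f.conn_id}: {f.src} -> {f.dst} reset after {f.duration_s}s with 0 bytes ({f.reason})")
```

Run against a longer log, a burst of such zero-byte resets from one client to the IPsec-over-TCP port is the server-side signature of the "tunnel is gone" symptom described above, and is worth alerting on separately from ordinary connection churn.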

Tags: Cisco Security

Similar Questions

  • Provisioning of password in Active Directory and TCP ports

    Hello

    -I want available to users and their passwords in Active Directory
    -I need to declare precisely which TCP ports I need to have open in the FW:
    -TCP port if an IDM and the gateway (or server connector): 9278 (or 8759)
    -some ports between gateway and AD.

    Can someone tell me what ports I need between the gateway and IDM? I tried 389 and 636, but this is obviously not sufficient...

    Thank you.

    OK, let me tell you how it works then ;-)

    -I am speaking here of the AD adapter only, and not the connector (I'll dig this one later)
    -In the resource configuration page, you can choose the type of encryption: none, SSL, or Kerberos.

    -None:
    everything is done on the LDAP port (389) except password management, which is done on TCP port 445 (Microsoft proprietary protocol).
    If 445 is blocked, no password provisioning is done and you will see the bridge trying to reach the AD on this port, then try ICMP (ping), then give up.

    -SSL:
    everything is done on LDAP 636. Everything.
    Why it did not work at first in my environment:
    -Was AD configured correctly? Yep: private key in the local computer certificate store on the AD, CA in the trusted CA store on the local computer
    -Had I forgotten to configure something on the gateway side? No, the CA has been properly placed in the trusted CA store on the local computer
    -Did I make a typo somewhere? Nope.
    -What I forgot was to restart the gateway service after having put the certificate in the trusted CA store. And given that the computer had not been restarted for more than a month, the gateway service was not properly speaking SSL with AD...

    -Kerberos:
    I did not try this mode. (I wanted the standard LDAP bind for some reason)

    now I can start growing hair again...

  • WSD port for printers and TCP/IP ports monitor, what is the difference?

    There are a lot of discussions on IP addresses etc. for printer problems. There is no mention of a new feature for the printer port, the WSD port for plug-and-play printers. I assume that the IP addresses have no importance with WSD; my printer is vaguely configured for the WSD port and the TCP/IP port. Can someone please explain?

    Here is a description I found

    The WSD Port Monitor is a new printer port monitor in Windows Vista and Windows Server 2008.  This port monitor supports printing to network devices that are designed to include Web Services for Devices (WSD) technology.  Web Services for Devices allows devices connected to the IP-based network to announce their functionality and to provide these services to clients using the Web Services Protocol.  WSD clients and devices communicate on the network using a series of SOAP (Simple Object Access Protocol) messages over UDP and HTTP(S).  WSD offers a plug-and-play network experience that is similar to the installation of a USB device.  Web Services for Devices also defines a security profile that can be extended to provide additional protection and authentication by using device-based certificates.

    WSD is not a port, but a port monitor.  A port monitor looks at information from the TCP/IP port and makes routing or changes based on what happens in the port.

    This link has some in-depth description of the WSD port monitor:

    http://blogs.technet.com/b/askperf/archive/2008/02/11/WS2008-the-WSD-port-monitor.aspx

    Back to the comparison of the IP address with a P.O. box.  Once the letter arrives in the post box, someone needs to come and empty the box, or the letters are going nowhere.

    When the data comes in on the TCP/IP port, a port monitor is where I would look for that to happen.  The WSD port monitor would take over this function from the standard TCP/IP port monitor.

  • Windows 7 64 - bit open TCP and UDP ports

    Well, I'm clearly online, but when I open Origin (Battlefield 3) it says I'm offline, so I spoke with Origin tech support and they gave me 2 hours of bs to do, and then he said that I had to open the ports and they sent me a link for 32-bit Windows (https://help.ea.com/article/opening-tcp-or-udp-ports-for-connection-issues.) I told them I did not have 'My Network Places' and they didn't know why... I told them it was 64-bit another 5-6 times and they kept on trying to make me do the 32-bit installation. idk why. But in any case, I searched Google and could not find an answer that is not covered in random bs, or my 64-bit Windows did not have the thing which is supposed to be on the list.

    Step 3 is not there? I got a list or change the settings of the licensed features... It didn't add the port!

    for example

    Method 2: Configure your system to allow access to the game servers. The firewall or the router must allow unrestricted communication on TCP and UDP Port number 3724. World of Warcraft (WoW) game client uses TCP whereas Voice Chat features use UDP. To open a port in Windows Firewall:

    1. Open Windows Firewall by clicking Start, clicking Control Panel, clicking Security, and then clicking Windows Firewall.

    2. Click Allow a program through Windows Firewall.  If you are prompted for an administrator password or a confirmation, type the password or provide confirmation.

    3. Click Add port. {THIS ISN'T ON MY PC}

    4. In the Name box, type a name that will help you remember what the port is used for.

    5. In the Port number box, type the port number, e.g. 3724.

    6. Click TCP or UDP, depending on the protocol.

    7. To change the scope of the port, click Change scope, and then click the option that you want to use. ("Scope" refers to the set of computers that can use this port opening.)

    So I'm hoping you guys can link me to an up-to-date way to change the ports that will work on my Windows 7 64-bit.

    Hi Fostard,

    If I understand correctly, you are facing a problem with not being able to connect to the internet.

    I understand that it must be frustrating, but don't worry, we are here to help solve the problem and guide you in the right direction.

    You can go through the steps from the link and check if it helps.

    Hope this information was helpful and let us know if you need more assistance. We will be happy to help you.

  • Open the TCP Port

    I'm trying to open a TCP port to listen to music on my home network through JRiver. The server works on my home network, but I want to access it from outside the network.

    I use ATT Uverse to access the internet. I disabled wireless and ATT modem to transmit to my Airport Extreme.

    I have these instructions to configure the port:

    1. Open AirPort Utility and change your AirPort Extreme or AirPort Express. Select the tab network (image). Select the sign of closer Port settings box. The Type of Firewall entry should be IPv4 Port Mapping. Enter a description like JRiver Media Center. Enter the Public 52199 TCP Port. Enter the private IP address, it's the IP address of your JRiver Media Center PC at home. Enter the TCP Port private 52199. Click on save, and then click Update. (image)

    When coming to this page, however, the firewall main entry box Type "IPv6" entered and grayed out, so it cannot be changed.

    Any help would be greatly appreciated.

    Sorry, but no image is available.

    However, to start, running the AirPort Utility > select the AirPort Extreme > change > Internet tab > Internet Options...

    What is the value configured for IPv6? If it is "Automatically", change it to "Link-local only". (Note: I'm assuming that your ISP does NOT provide you IPv6 service yet.)

  • enable outbound access to TCP ports

    Would someone figure out how to open outbound TCP port access and allow outgoing TCP access to certain ports? I know where to add a port. Do I put the name of what I want to let through, like Second Life?

    Hello Angela12,

    What operating system is installed on your computer?

    This can be useful for you:

    http://Windows.Microsoft.com/en-us/Windows7/open-a-port-in-Windows-Firewall

    Kind regards

    Savan - Microsoft technical support.

  • How can I find my external and internal port number

    I am trying to access the internet via a live Ethernet cable from my router, except the computer I'm trying to use is new to the house, but is running XP. I also have a laptop which I use to ask these questions, which accesses the internet via a wireless connection. I opened 'Internet Properties' and entered my IP address, and I am now looking for my external and internal port numbers to try to connect. Is this the easiest way? Am I on the right track? Help, please. :)

    If you really have a router, then this router should assign your computer all the configuration settings that it needs to connect to the internet (or local network) automatically via DHCP.  The correct "TCP/IP properties" settings on your computer must be set to "Obtain an IP address automatically" and "Obtain DNS server address automatically".  If your router is configured correctly, it will automatically load these settings, so that all you need to do is to connect your computer to your router.  If this does not work, then you must download the manual of your router and verify its configuration.

    HTH,
    JW

  • Windows Server 2008 R2, driver HP 7410 AIO, TCP Port printing

    I just finished a new installation of Windows Server 2008 R2 64-bit on my computer that was previously using Windows Server 2008 64-bit and can't set up network access to my AIO 7410 printer. I would use the most recent Windows 7 64-bit driver (AIO_CDB_FSW_Full_Win_WW_130_141.exe), but the installation of the driver complains "this type of product is not in the list of supported product types". My first question is whether a Windows 2008 R2 64-bit driver will be available soon, since none is currently provided?

    By the way, I have the Vista driver (AIO_CDB_Full_Network_enu_NB.exe) that does not detect the printer (192.168.1.100) from the computer (192.168.1.2), so I get the installation to complete using the USB option and then try the latest driver. Once done, I try to change the properties of the printer to change the used port from "USB001" (virtual printer port for USB) to a TCP port. However, when I click on "Add a Port" and choose "Standard TCP/IP Port", I get a dialog with the title "Add Printer Ports" and the error message "Cannot add the specified port. Access is denied."

    Has anyone figured out what the root cause of this error is? I am an administrator on the PC and have never seen this curve ball before.

    I should add that a test page print correctly via the USB cable and another Vista PC on the network continues to access the printer through the network so that the printer works fine.

    Thanks in advance!

    Google is my friend! Found this thread: http://forums.techguy.org/windows-vista/541278-solved-access-denied-network-printers.html that helped.

    The main steps are to create a new local printer, select the TCP port and provide the IP address of the printer. Windows queries the printer and will automatically detect that the HP 7410 driver is already installed and ask if it should use this driver, which I answered Yes to. You should now see a second printer available in the control panel, which is probably selected as the default printer. I unplugged the USB cable, printed a test page using the new TCP profile, and it works beautifully.

    I wish it was not so difficult to switch from a USB port to a TCP port, but I'm happy to have found a work around.

    I hope that this avoids some of the pain of losing a darker night of their lives thanks to the peculiarities of Windows!

  • SPAN and TCP RST

    I know that a Cisco IDS allows injecting a TCP RST into a SPAN port in order to kill a connection.

    My question is: does this technique work only when you are SPANing switch ports, or will it also work when SPANing a VLAN? I was told that it is not possible. Suppose a 6000 series switch.

    Regards, Jeff

    Some switches allow you to send TCP resets via the Span port and some do not. TCP resets through the Span port are therefore very switch-dependent, and you should read the documentation of your switches. (Not all Cisco switches have exactly the same behaviour.)

    IF the switch allows TCP resets via the Span port, then the resets should work for both port and VLAN Span sessions, with a few caveats that you can read below.

    IF the switch does not allow TCP resets via the Span port, then TCP resets do not work whatever Span session type you have.

    In a Port Span session, the port being spanned must be in the same vlan that is configured for the destination span port for the TCP resets to get to the right vlan and work.

    If you try to Port Span ports of different VLANs, then the sensor will alarm OK, but the TCP reset works only on attacks that are visible on the same vlan assigned to the destination span port.

    VLAN spans have the same limitations. If you span a single VLAN and that vlan is assigned to the destination span port, then the TCP resets will get to the right vlan and should work.

    If you span several VLANs, then the TCP resets will only work on the same vlan assigned to the destination span port.

  • ACL tcp port filter

    Dear experts,

    I am studying the ACL to (block) the tcp port filter at the URL below

    http://www.Cisco.com/en/us/Tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml

    In the section "Allow only internal networks to initiate a TCP session", I would be grateful if someone could enlighten me on the use of 'established'.

    interface ethernet0
    ip access-group 102 in
    !
    access-list 102 permit tcp any any gt 1023 established

    What is different if the ACL is changed as a result of:

    access-list 102 permit tcp any any gt 1023

    RDG

    Both your suggested ACLs 101 and 145 are quite correct.

    ACL 105: Note should say, allow traffic back on tcp/80, with the source port greater than 1023. The rest of your comment is correct.

    ACL 115: Note should say allow all traffic with a source port of HTTP (TCP/80) and destination port above 1023.

    ACL 125: Note should say allow all the return of traffic with a source port of HTTP (TCP/80). And Yes, you are right, it also includes the ACL 105 function.

    ACL 135: Note should say allow all traffic with a source port of HTTP (TCP/80). And Yes, you are right, it also includes the ACL 115 function.

  • Use of TCP Port when adding sensors to virtual machines

    What TCP port does VMS use when adding a sensor to VMS Security Monitor, Device Manager, etc.?

    Which port does the RDEP listener use?

    Did UDP port 45000 remain in IDS 4.x, or is it only required in IDS 3.x?

    Thank you.

    An RDEP listener, if I understand the context of your question, is the process on the IDS device that is connected to by RDEP clients (VEI, CTR, VMS/IDSMC). Since this is a server process, it listens on TCP 443. It can be configured to listen on TCP 80, but that is not a default setting.

    The only other default port used by Cisco IDS 4.x is TCP 22 (SSH) for access to the CLI and some file copy operations (scp, for example). Again, you can configure the use of TCP 23 (TELNET) for CLI access, but that is not a default setting.

    In summary, a device (IDS-42XX, JOINT-2, NM-CIDS) will have only two ports open by default: TCP 22 and TCP 443. TCP 22 is used by SSH for CLI access and TCP 443 is used to access RDEP and IDM.

    Finally, UDP 45000 is not used by Cisco IDS 4.x; it was only used in 3.x and earlier for the former communication protocol.

    I hope this helps.

    Alex Arndt

  • ACE - probe on VIP sfarm TCP port failed

    Hello

    I noticed that the ACE answers TCP SYNs sent by an external device (in my example: a GSS device) to the virtual IP address of a serverfarm that is OUTOFSERVICE due to failed rservers (ARP failed).

    A context is configured on the ACE module that is in bridge mode. The VIP of the serverfarm is listening on a TCP port.

    Do you know why the ACE sends TCP SYN ACK, even if all the rservers in the serverfarm are down?

    How do I address this situation and configure the ACE to respond to these requests only if the VIP is ACTIVE because of the sfarm state?

    Hi Krzysztof,

    What version of ACE are you running?

    When the ACE receives the GSS keepalive, what is the status of the VIP (in-service or out-of-service) in show service-policy?

    It could be a bug like the one below:

    CSCtz42618 VIP on port 443 accepts the connection when all real servers are down

    Kind regards

    Kanwal

  • ACL IP and TCP ACL... What is the difference?

    Hello

    I have a few questions on the ACL.

    1. For PIX ACLs, let's say I want to host a web server in the internal network (just to simplify my question), and I do not use PAT, only a static NAT:

    static (inside,outside) 202.188.100.1 10.1.1.1 netmask 255.255.255.0

    access-list acl_out permit tcp any host 10.1.1.1 eq 80

    access-group acl_out in interface outside

    Is the above equivalent to

    static (inside,outside) 202.188.100.1 10.1.1.1 netmask 255.255.255.0

    access-list acl_out permit ip any host 10.1.1.1

    access-group acl_out in interface outside

    2. For IOS ACLs, is it possible to block network A (10.1.1.0/24) from accessing network B (10.1.2.0/24) but to allow access from network B to network A? How can I do that?

    Thank you.

    Hello

    1. First of all, your ACL is a little wrong: you need to permit connections to the public address of your device, not the private one, when allowing traffic from the outside.

    The answer to your first question is no. If you permit only tcp port 80 in your access list, then you allow just that; if you allow ip in your access list, then you allow all IP-based protocols, including all TCP ports, all UDP ports and ICMP.

    2. You can do this using either the established keyword in your access list or reflexive access lists.

    Network B to A ACL

    ---

    permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255

    Network A to B ACL

    ---

    permit tcp 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255 established

    This means that any traffic can pass from network B to network A; however, only established connections (packets with the ACK bit set) are admitted from B to A.

    The other method is using reflexive access lists, which are stateful access lists. When traffic moves from one network to the other, a dynamic access list entry is created; traffic is only allowed back into the source network if a dynamic entry is present in the table with the same source and destination IP information. An access list works in one direction, so from A to B; if you wanted to allow B to talk to A, you would need to configure specific static access list entries.

    HTH

    PJD
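As an added example (Python, not code from either ACL thread), the following simulation shows how the three styles of filter discussed above treat inbound packets: "permit tcp any any gt 1023" matches on destination port alone; adding "established" additionally requires the ACK or RST bit, so an unsolicited SYN is dropped but a stray segment that merely carries ACK still matches (the keyword inspects flags, not connection state); a reflexive ACL admits only traffic that mirrors a session already seen outbound. The addresses, ports and packets are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]   # subset of {"SYN", "ACK", "RST", "FIN"}


def tcp(src: str, sport: int, dst: str, dport: int, *flags: str) -> Packet:
    return Packet(src, sport, dst, dport, frozenset(flags))


def acl_gt1023(pkt: Packet) -> bool:
    """access-list 102 permit tcp any any gt 1023"""
    return pkt.dport > 1023


def acl_gt1023_established(pkt: Packet) -> bool:
    """access-list 102 permit tcp any any gt 1023 established
    'established' matches only segments with ACK or RST set, so the opening SYN
    of an inbound connection never matches."""
    return pkt.dport > 1023 and bool(pkt.flags & {"ACK", "RST"})


class ReflexiveAcl:
    """Stateful filter: an inbound packet is permitted only if it mirrors a
    session whose outbound packet was already seen (source and destination swapped)."""

    def __init__(self) -> None:
        self._sessions: Set[Tuple[str, int, str, int]] = set()

    def permit_outbound(self, pkt: Packet) -> bool:
        # Record the mirrored tuple that return traffic will present.
        self._sessions.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return True

    def permit_inbound(self, pkt: Packet) -> bool:
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self._sessions


# Constructed addresses (documentation ranges) and a constructed traffic mix.
INSIDE_CLIENT = "10.1.1.5"
WEB_SERVER = "198.51.100.7"
OUTSIDE_HOST = "203.0.113.9"

OUTBOUND_SYN = tcp(INSIDE_CLIENT, 40000, WEB_SERVER, 80, "SYN")          # inside opens to the web
RETURN_SYNACK = tcp(WEB_SERVER, 80, INSIDE_CLIENT, 40000, "SYN", "ACK")  # legitimate reply
UNSOLICITED_SYN = tcp(OUTSIDE_HOST, 5555, INSIDE_CLIENT, 3389, "SYN")    # outside tries to connect in
UNSOLICITED_ACK = tcp(OUTSIDE_HOST, 5555, INSIDE_CLIENT, 3389, "ACK")    # stray ACK, no session behind it


def compare_policies() -> Dict[str, Dict[str, bool]]:
    """Return, for each inbound packet, whether each policy would permit it."""
    reflexive = ReflexiveAcl()
    reflexive.permit_outbound(OUTBOUND_SYN)
    cases = {
        "return_synack": RETURN_SYNACK,
        "unsolicited_syn": UNSOLICITED_SYN,
        "unsolicited_ack": UNSOLICITED_ACK,
    }
    return {
        name: {
            "gt_1023": acl_gt1023(pkt),
            "gt_1023_established": acl_gt1023_established(pkt),
            "reflexive": reflexive.permit_inbound(pkt),
        }
        for name, pkt in cases.items()
    }


if __name__ == "__main__":
    for name, verdicts in compare_policies().items():
        print(name, verdicts)
```

The third row is the reason the reply recommends reflexive access lists for anything stricter than a quick fix: "established" can keep out new inbound connections, but only a stateful entry distinguishes genuine return traffic from a packet that merely sets the right flag.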

  • primary and standby - port listening and listening DB port scan

    Hello

    I have a two-node RAC (11.2.0.3) on Windows 2008R2 and this will serve as the primary database. We have defined the SCAN listener port and the DB listener port as 1521. Now we are going to put the standby database on a two-node RAC on virtual machines. For the standby database, should the two SCAN listener and DB listener ports be the same (1521) as on the primary, or should we give another port number?

    Hello

    Is it possible to change the IP address of the SCAN listener or the DB listener?

    Yes, it is possible to change the IP address of the SCAN and the DB listener.

    For the SCAN, all you need to do is remove the SCAN resources

    srvctl remove scan_listener

    srvctl remove scan

    Once done, make the changes at the OS level (in DNS or the hosts file, according to what is used) and add the SCAN resources back

    srvctl add scan n [k ] [ s /[/ if1 [| if2 |...]]]

    srvctl add scan_listener [-l ] [-s] [Pei [TCP:][/ IPC:] [/ NMP:] [/ TCPS:] [/ SDP:]]

    Or if you have a different set of IPs configured, then you can do the following without removing and adding the resources back

    srvctl change scan - n

    srvctl change scan_listener {u: Pei [TCP:][/ IPC:] [/ NMP:] [/ TCPS:] [/ SDP:]}

    And you can also change the node listener IP details as follows

    srvctl change applications {[n - one /[/ if1 [| if2 |...]]] |} [-S /[/ if1 [| if2 |...]]]} [u {public static | dhcp | mixed}] [-e ] [ -l ] [-r ] [-t [:][,[:]...]] [-v].

    srvctl change the listening port [-l ] [o ] [Pei "[TCP:][,...]"] [/ CIB :] [/ NMP :] [/ EPTC :] [/ SDP :] "] [-u ] [-k ]

    I'll set the SCAN listener and DB listener port to 1521 in the physical standby database as well. Regarding the information you provided, this should also be acceptable. Please provide your opinion on that.

    Yes, it is acceptable, you can proceed to the same

    I hope that the above answers your question.

    Kind regards

    Vautrin - Oracle

  • vCenter Question Upgrade (requirement of http and https ports)

    Hello

    In the vSphere Upgrade Guide, the documentation clearly indicates: "vCenter Server 4.0 uses TCP/IP ports 80 and 443. You cannot run vCenter Server on the same computer as a web server using these ports, because this causes port conflicts."

    Now, vCenter has always allowed me to change the default ports during the installation; isn't that precisely to avoid conflicts?  My current VirtualCenter server uses ports 80 and 443 for a bunch of websites that I can't move.  I don't have another server that has these ports free.

    Have any of you changed the default http and https ports during installation (I mean actually done that)?  Problems?  Any comments in general?  What does vCenter even use these ports for?  I searched but could not find a definitive answer.

    This is at a very critical level and I'd rather not start it until I know exactly what to expect.

    Thank you!!

    Well, ports 80 and 443 are generally web services, 80 http and 443 https; it is no different with VirtualCenter, they are used for web access to manage virtual machines etc.

    And yes, I have changed these on a VC server; when accessing the web services content via the browser, just add ":" at the end of the address.

    Changing these will require the VirtualCenter service to be restarted.
