Wireshark-users: Re: [Wireshark-users] Help With EPS/ISAKMP - Email found in subject
From: "Robert D. Scott" <robert@xxxxxxx>
Date: Wed, 17 Jun 2009 17:41:31 -0400
IP is !ESP. Permit ESP as well. Robert D. Scott Robert@xxxxxxx Senior Network Engineer 352-273-0113 Phone CNS - Network Services 352-392-2061 CNS Phone Tree University of Florida 352-392-9440 FAX Florida Lambda Rail 352-294-3571 FLR NOC Gainesville, FL 32611 321-663-0421 Cell -----Original Message----- From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Josue Del Valle Sent: Wednesday, June 17, 2009 4:41 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] Help With EPS/ISAKMP - Email found in subject Hi, Thanks for replying. I was just shown the ICLs and for troubleshooting purposes, IP, UPD and TCP have been allowed from ANY interface in the DMZ to ANY interface on the trusted network. Is there anything else that could be causing this? -----Original Message----- From: Robert D. Scott [mailto:robert@xxxxxxx] Sent: 2009-06-17 4:20 PM To: 'Community support list for Wireshark' Subject: [SPAM] - Re: [Wireshark-users] Help With EPS/ISAKMP - Email found in subject Sound like an ACL or firewall between the DMZ and the other network dropping ESP. Robert D. Scott Robert@xxxxxxx Senior Network Engineer 352-273-0113 Phone CNS - Network Services 352-392-2061 CNS Phone Tree University of Florida 352-392-9440 FAX Florida Lambda Rail 352-294-3571 FLR NOC Gainesville, FL 32611 321-663-0421 Cell -----Original Message----- From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Josue Del Valle Sent: Wednesday, June 17, 2009 4:16 PM To: wireshark-users@xxxxxxxxxxxxx Subject: [Wireshark-users] Help With EPS/ISAKMP Hi, I was hoping someone could help me with this issue. I have configured IPSec on two Windows 2003 servers using certificates as the authentication. If I run wireshark from one of the server while having both servers on the same network, I can see a bunch of ESP which indicate to me that the traffic is encrypted between the two servers. If I move one of the servers to another network (DMZ) and try to communicate with the server located on the trusted network, I can't and instead of getting ESP packets all I see is ISAKMP packets. I have not change anything on the IPsec except the ip for the server that has been moved to the DMZ. The trusted network as a 192.168.10.X subnet and the one on the DMZ is 192.168.20.X. If I remove IPSec I can communicate from the DMZ to the LAN as intended which indicate routing on the firewall is working fine. I know it is kind of confusing, but I'm trying to figure out why WireShark shows ESP packets when the server is on the LAN and ISAKMP packets when the server is moved to the DMZ. Thanks, Josue Please remember coverage cannot be bound, amended or cancelled via the email or voicemail system. You cannot bind, alter, or cancel coverage without speaking to an authorized representative of Braishfield Associates, Inc. Coverage cannot be assumed to be bound without confirmation from an authorized representative of Braishfield Associates, Inc. DISCLAIMER: CONFIDENTIALITY NOTICE: Braishfield Associates, Inc. would like you to know that the information contained in this communication, including attachments is privileged and confidential. It is intended only for the exclusive use of the addressee. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. Insurance coverage can not be bound, amended or changed via an e-mail message without knowledge or consent from the insuring carrier. If you have received this communication in error please notify us by telephone immediately at (407) 825-9911 or e-mail disclaimer@xxxxxxxxxxxxxxx. Thank you. ________________________________________________________________________ ___ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
- Follow-Ups:
- Re: [Wireshark-users] Help With EPS/ISAKMP - Email found in subject
- From: Martin Visser
- Re: [Wireshark-users] Help With EPS/ISAKMP - Email found in subject
- References:
- [Wireshark-users] Help With EPS/ISAKMP
- From: Josue Del Valle
- Re: [Wireshark-users] Help With EPS/ISAKMP
- From: Robert D. Scott
- Re: [Wireshark-users] Help With EPS/ISAKMP - Email found in subject
- From: Josue Del Valle
- [Wireshark-users] Help With EPS/ISAKMP
- Prev by Date: Re: [Wireshark-users] Help With EPS/ISAKMP - Email found in subject
- Next by Date: Re: [Wireshark-users] Help With EPS/ISAKMP - Email found in subject
- Previous by thread: Re: [Wireshark-users] Help With EPS/ISAKMP - Email found in subject
- Next by thread: Re: [Wireshark-users] Help With EPS/ISAKMP - Email found in subject
- Index(es):
- Get Wireshark
- Download
- Code of Conduct