Re: Question in IPsec
From: Dan McDonald (danmcd_at_Eng.Sun.COM)
Date: 05/26/05
- Next message: Laurent Blume: "Re: locale problem"
- Previous message: HarryB: "Strange FTP problem"
- In reply to: Vivek S: "Question in IPsec"
Date: Thu, 26 May 2005 21:06:42 +0000 (UTC)
In article <1117000103.202032.209000@g44g2000cwa.googlegroups.com>,
Vivek S <viveksreevatsan@gmail.com> wrote:
<SNIP!>
>On one of the servers we have enabled IPsec ONLY for tcp, and on the
>other we haven't. So, what I expect is, that all udp packets shouldn't
>go through. However, tcp communication should be fine.
>The problem is, we are not able to telnet from one server to another,
>even though that uses tcp.
>
>But if both sides are changed to encrypt tcp, then telnet is going
>through.
Dumb question: Is one of these servers a DNS or other UDP server for the
other? If so, that'd explain things... one side expects
UDP protected, the other doesn't.

Not-so-dumb question: Look for (ON BOTH SIDES):

    ACQUIRE events (with ipseckey monitor)

    dropped packet counters: "netstat -s -P ip | grep ipsec"

    Since this is S9, look for ndd-readable IPsec ESP stats
    (ndd -get /dev/ipsecesp ipsecesp_status
    NOTE: In S10 we use the more sensible "kstat ipsecesp" instead.)

Anything funny there before-and-after you attempt communication?
--
Daniel L. McDonald - Solaris Networking & Security Engineering
Mail: danmcd@east.sun.com    | * MY OPINIONS ARE NOT NECESSARILY SUN'S! *
1 Network Drive Burlington, MA |"rising falling at force ten
http://blogs.sun.com/danmcd/ | we twist the world and ride the wind" - Rush
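The before-and-after comparison of the "netstat -s -P ip | grep ipsec" counters suggested in the reply, as an added example that is not part of the original post. The function names, the temporary file names and the sample counter lines are constructed for illustration; the "name = value" layout of the netstat output is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post.
AWK=${AWK:-awk}   # on Solaris 9 set AWK=nawk (old /usr/bin/awk lacks ARGV)

# Reduce "name = value" pairs (several per line) to one "name value" line
# for every counter whose name contains "ipsec", like the post's grep.
ipsec_counters() {
    $AWK '{ for (i = 2; i < NF; i++)
              if ($i == "=" && $(i-1) ~ /ipsec/) print $(i-1), $(i+1) }'
}

# $1 = snapshot taken before the test, $2 = snapshot taken after it.
# Prints "name before -> after" for each counter whose value changed.
changed_counters() {
    $AWK 'FILENAME == ARGV[1] { before[$1] = $2; next }
          before[$1] != $2 { printf "%s %s -> %s\n", $1, before[$1], $2 }' "$1" "$2"
}

# Live use on each host:
#   snapshot > before; attempt the telnet; snapshot > after
#   changed_counters before after
snapshot() { netstat -s -P ip | ipsec_counters; }

# Constructed sample output (layout and counter names are assumptions).
sample_before() { cat <<'EOF'
IPv4    ipForwarding        =     2     ipDefaultTTL        =   255
        ipsecInSucceeded    =    10     ipsecInFailed       =     0
EOF
}
sample_after() { cat <<'EOF'
IPv4    ipForwarding        =     2     ipDefaultTTL        =   255
        ipsecInSucceeded    =    10     ipsecInFailed       =     4
EOF
}

# Run the comparison on the constructed samples.
demo() {
    b=${TMPDIR:-/tmp}/ipsec.before.$$; a=${TMPDIR:-/tmp}/ipsec.after.$$
    sample_before | ipsec_counters > "$b"
    sample_after  | ipsec_counters > "$a"
    changed_counters "$b" "$a"
    rm -f "$b" "$a"
}
demo
```

Run it on both hosts; a failure counter that rises on only one side during the telnet attempt points at the side whose policy does not match.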