What does IP Sec look like in Torch?

I’m wanting to test a subscriber’s PPPoE connection (with a public IP address) using Torch, as they are saying it will not work with IP Sec. Whenever I look at the traffic on the connection it looks like ordinary web / POP3 traffic. What do I look for to see if the link is passing IP Sec?

Thanks

IP Protocol GRE (47)
IP Protocol ESP (50)
IP Protocol AH (51)
TCP Port 50
TCP Port 51
UDP Port 500


Described in full at: http://www.freesoft.org/CIE/Topics/141.htm or alternatively at http://www.shorewall.net/IPSEC.htm

Loads of information is available on the Internet irt IPSec… Just spend 10 seconds on Google.

Yes, of course thanks. Have you seen it in Torch? I want to be 100% sure it will show…

I don’t use Torch that much… I can’t see, given the proper filters are set, why it won’t show up, however… You may not be able to see the contents of the packets as they will be encrypted, but the packets themselves should definitely show up.

tcpdump, which I always use, has no problem whatsoever showing these packets and protocols.

TCP ports 50 & 51 are not IPSEC. GRE is used by PPTP and not IPSEC.

You’ll rarely see ESP and AH on the link as most clients will be using NAT traversal mechanisms. These encapsulate the ESP and AH into TCP and UDP data streams. These can use various port numbers including UDP:4500 & TCP:10000.

Regards

Andrew
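The classification described in the post above, as an added example that is not part of the original thread: it labels raw IPv4 packets by the protocol number and ports that Torch or tcpdump display. It goes slightly beyond the post by telling IKE, keepalives and ESP apart on UDP 4500 using the RFC 3948 non-ESP marker; the names `classify` and `sample` and all sample packets are constructed for illustration.

```python
import struct

# IP protocol numbers named in the thread (not TCP/UDP port numbers).
IP_PROTOS = {50: "ESP (IPsec)", 51: "AH (IPsec)", 47: "GRE (PPTP, not IPsec)"}

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet the way you would read a Torch/tcpdump row."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    proto = packet[9]
    if proto in IP_PROTOS:
        return IP_PROTOS[proto]
    if proto not in (6, 17):
        return f"other IP protocol {proto}"
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return "non-first fragment (no ports visible)"
    if len(packet) < ihl + 4:
        return "truncated"
    ports = set(struct.unpack("!HH", packet[ihl:ihl + 4]))
    if proto == 17:
        payload = packet[ihl + 8:]            # skip the 8-byte UDP header
        if 500 in ports:
            return "IKE (UDP 500)"
        if 4500 in ports:
            if payload == b"\xff":            # RFC 3948 NAT keepalive
                return "NAT-T keepalive (UDP 4500)"
            if payload[:4] == b"\x00" * 4:    # RFC 3948 non-ESP marker
                return "IKE over NAT-T (UDP 4500)"
            return "ESP in UDP, NAT-T (UDP 4500)"
        return "other UDP"
    if 10000 in ports:                        # port cited in the thread
        return "possible IPsec over TCP (TCP 10000)"
    return "other TCP"                        # includes TCP 50/51: not IPsec

def sample(proto, payload=b"", sport=0, dport=0):
    """Build a constructed IPv4 packet (checksums left zero) for the demo."""
    l4 = payload
    if proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    elif proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 2, 65535, 0, 0)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr + l4

if __name__ == "__main__":
    for pkt in (sample(50, b"\x00" * 16), sample(17, b"\x00" * 28, 500, 500),
                sample(17, b"\x12\x34\x56\x78" + b"\x00" * 20, 51000, 4500)):
        print(classify(pkt))
```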

Thanks Andrew, so basically it could be hard to spot. There should be no reason it will not run inside a PPPoE tunnel, is there? There is no NAT going on as I’ve supplied the customer with a public IP address.

MTU can cause problems that can be hard to pin down. Search the forum for recent threads on VPNs as we had a discussion about this issue.

Regards

Andrew