asmundg at stud.cs.uit.no
Sat Feb 12 19:03:01 CET 2005
On Sat, 12 Feb 2005, Maurice Massar wrote:
> On Sat, Feb 12, 2005 at 06:30:51PM +0100, Åsmund Grammeltvedt wrote:
> > here's the log from the cisco client.
> > I will of course try to ask the admins what's up and if they really have
> > 493 14:08:05.283 02/12/05 Sev=Info/5 IKE/0x6300005D
> > Client sending a firewall request to concentrator
> > 494 14:08:05.283 02/12/05 Sev=Info/5 IKE/0x6300005C
> > Firewall Policy: Product=Cisco Systems Integrated Client, Capability= (Centralized Protection Policy).
> probably is because of a new firewall policy
> requiring the client to have a firewall locks out any non-windows
> client. (not even cisco's own linux/mac/... client supports firewall
> settings). The improvement of security with this change is at least
> dubious. (In any case, the concentrator can only hope that the client
> really follows the firewall policy requests. Not having taken the time
> yet to decode this protocol is all that stops me from simply faking it
> with vpnc.)
Ok, thanks for the quick response. I'll yell a bit at the administrators.
Relying on the client to verify its own security compliance is, as you
pointed out, rather silly.
Defending Civilization: A guide to the preferred forms of free speech
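
A triage sketch for the log excerpt quoted in this thread, added here as an example and not code from vpnc or from either poster: it pairs each Cisco client log header with its message line and pulls out the firewall policy the concentrator pushed. The header field layout is an assumption inferred from the two header lines quoted above; the function names are hypothetical.

```python
import re

# Header layout assumed from the quoted log:
#   <seq> <HH:MM:SS.mmm> <MM/DD/YY> Sev=<name>/<level> <component>/<event code>
HEADER = re.compile(
    r"^(?P<seq>\d+)\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<date>\d{2}/\d{2}/\d{2})\s+"
    r"Sev=(?P<sev>\w+)/(?P<level>\d+)\s+(?P<component>\w+)/(?P<code>0x[0-9A-Fa-f]+)$"
)
POLICY = re.compile(
    r"Firewall Policy:\s*Product=(?P<product>.*?),\s*Capability=\s*\((?P<capability>.*?)\)"
)
QUOTE = re.compile(r"^(?:>\s?)+")  # mail reply markers in front of pasted logs

# The four log lines quoted in the message above, reply markers included.
SAMPLE_LOG = """\
> > 493 14:08:05.283 02/12/05 Sev=Info/5 IKE/0x6300005D
> > Client sending a firewall request to concentrator
> > 494 14:08:05.283 02/12/05 Sev=Info/5 IKE/0x6300005C
> > Firewall Policy: Product=Cisco Systems Integrated Client, Capability= (Centralized Protection Policy).
"""

def parse_records(text):
    """Group header lines with the message line(s) that follow them."""
    records = []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "message": ""})
        elif records and line:
            rec = records[-1]
            rec["message"] = (rec["message"] + " " + line).strip()
    return records

def firewall_events(records):
    """Return records that mention the firewall, with any pushed policy parsed out."""
    events = []
    for rec in records:
        m = POLICY.search(rec["message"])
        if m or "firewall" in rec["message"].lower():
            events.append({"seq": int(rec["seq"]), "code": rec["code"],
                           "product": m.group("product") if m else None,
                           "capability": m.group("capability") if m else None})
    return events

if __name__ == "__main__":
    for ev in firewall_events(parse_records(SAMPLE_LOG)):
        print(ev)
```

A hit here only shows that the concentrator requested a policy; as the thread notes, the log says nothing about whether the client actually enforces it.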