|
Posted by Quaoar on December 9, 2005, 8:28 pm
> Has anyone heard of this actually happening? Googling it brings up a
> fair amount of armwaving about this topic circa 2002, but nothing
> recently.
>
> I have a client with this service at their remote office; their
> previous IPSec setup was flakey and we replaced their firewalls on
> both ends with new equipment, but when I installed this I've noticed
> that the tunnel cannot be brought up with requests from their home
> office -- it appears that the ISAKMP packets originating in the home
> office simply go nowhere.
>
> But if the tunnel is brought up with keying initiated at the remote
> office, it works just fine. We verified this behavior by building a
> second tunnel to the remote office from our office.
>
> I can only think of two explanations for this phenomena: Comcast is
> deliberately blocking inbound ISAKMP packets to mangle IPSec tunnels,
> or the cable modem itself has some filtering enabled, blocking these
> inbound packets.
>
>
>
Take this to the Comcast hsi forum at www.dslreports.com .
Q
|