Comcast

Comcast "business" cable internet; blocking IPSec ISAKMP?
NewsGroups | Search | Tools
User Password
Register Now! Lost Password?
 comp.dcom.modems.cable  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
Comcast "business" cable internet; blocking IPSec ISAKMP? Howard Beale 12-06-2005
Posted by Howard Beale on December 6, 2005, 9:43 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Has anyone heard of this actually happening? Googling it brings up a fair
amount of armwaving about this topic circa 2002, but nothing recently.

I have a client with this service at their remote office; their previous
IPSec setup was flakey and we replaced their firewalls on both ends with new
equipment, but when I installed this I've noticed that the tunnel cannot be
brought up with requests from their home office -- it appears that the
ISAKMP packets originating in the home office simply go nowhere.

But if the tunnel is brought up with keying initiated at the remote office,
it works just fine. We verified this behavior by building a second tunnel
to the remote office from our office.

I can only think of two explanations for this phenomena: Comcast is
deliberately blocking inbound ISAKMP packets to mangle IPSec tunnels, or the
cable modem itself has some filtering enabled, blocking these inbound
packets.




Posted by Colin on December 7, 2005, 3:18 pm

> Has anyone heard of this actually happening? Googling it brings up a
> fair amount of armwaving about this topic circa 2002, but nothing
> recently.
>
> I have a client with this service at their remote office; their
> previous IPSec setup was flakey and we replaced their firewalls on
> both ends with new equipment, but when I installed this I've noticed
> that the tunnel cannot be brought up with requests from their home
> office -- it appears that the ISAKMP packets originating in the home
> office simply go nowhere.
>
> But if the tunnel is brought up with keying initiated at the remote
> office, it works just fine. We verified this behavior by building a
> second tunnel to the remote office from our office.
>
> I can only think of two explanations for this phenomena: Comcast is
> deliberately blocking inbound ISAKMP packets to mangle IPSec tunnels,
> or the cable modem itself has some filtering enabled, blocking these
> inbound packets.
>
>
>
>




Posted by Quaoar on December 9, 2005, 8:28 pm

> Has anyone heard of this actually happening? Googling it brings up a
> fair amount of armwaving about this topic circa 2002, but nothing
> recently.
>
> I have a client with this service at their remote office; their
> previous IPSec setup was flakey and we replaced their firewalls on
> both ends with new equipment, but when I installed this I've noticed
> that the tunnel cannot be brought up with requests from their home
> office -- it appears that the ISAKMP packets originating in the home
> office simply go nowhere.
>
> But if the tunnel is brought up with keying initiated at the remote
> office, it works just fine. We verified this behavior by building a
> second tunnel to the remote office from our office.
>
> I can only think of two explanations for this phenomena: Comcast is
> deliberately blocking inbound ISAKMP packets to mangle IPSec tunnels,
> or the cable modem itself has some filtering enabled, blocking these
> inbound packets.
>
>
>

Take this to the Comcast hsi forum at www.dslreports.com .

Q



Similar ThreadsPosted
CISCO UBR900 and IPSEC (Cable One) March 1, 2005, 5:47 pm
smc8013wg - comcast business February 23, 2005, 7:06 am
comcast business service, teaming February 20, 2006, 8:18 pm
IPsec passthru on Motorola SBG 900 July 19, 2005, 6:39 pm
Cox Business (or any cable provider for that matter): Possible to Interchance Upstream and Downstream? February 21, 2006, 1:47 pm
Cox Business Service and my Linksys BEFCMU10 ver.3 February 27, 2006, 10:43 pm
Cox Business Service and my Linksys BEFCMU10 ver.3 February 27, 2006, 11:30 pm
Cox Business Service and my Linksys BEFCMU10 ver.3 February 27, 2006, 11:40 pm
Can't get internet using Comcast cable modem and Lynksys WRT54G router January 30, 2006, 12:32 am
COMCAST internet April 2, 2008, 3:42 am

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map