View previous topic :: View next topic |
Author |
Message |
plambrecht
Joined: 19 May 2004 Posts: 151 Location: Belgium
|
Posted: Mon May 24, 2004 5:47 am Post subject: Test VPN server alive |
|
|
Hi,
I need an UDP test to see if my Cisco VPN server (PIX and IOS based) are up and running.
Does anyone have an UDP string to send/receive ?
Ping is not an option, because I disable ICMP on my VPN server.
Anyone ?
Pieter |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12792 Location: USA
|
Posted: Mon May 24, 2004 8:56 am Post subject: |
|
|
What about SNMP test? Or you have disabled SNMP protocol as well?
Regards
Alex |
|
Back to top |
|
|
plambrecht
Joined: 19 May 2004 Posts: 151 Location: Belgium
|
Posted: Mon May 24, 2004 9:05 am Post subject: |
|
|
KS-Soft wrote: | What about SNMP test? Or you have disabled SNMP protocol as well? |
The VPN server is published on the internet, and only accessible through the internet. SNMP is not an option.
A UDP packet looks like the only solution to me.
thx anyway for this reply.
Pieter |
|
Back to top |
|
|
boxy_25
Joined: 02 Dec 2003 Posts: 26 Location: France
|
Posted: Tue May 25, 2004 12:25 am Post subject: ICMP |
|
|
Hi,
I think you can open icmp port only for one station (the monitoring station) and block for all the other. You can also allow only "echo request" to securise at maximum.
Cédric. |
|
Back to top |
|
|
plambrecht
Joined: 19 May 2004 Posts: 151 Location: Belgium
|
Posted: Tue May 25, 2004 3:24 am Post subject: Re: ICMP |
|
|
[quote="boxy_25"]I think you can open icmp port only for one station (the monitoring station) and block for all the other. You can also allow only "echo request" to securise at maximum.
quote]
the thing is, I don't want to check ICMP, but VPN.
There always is a possibility that the ICMP works, but that de VPN service is down... |
|
Back to top |
|
|
boxy_25
Joined: 02 Dec 2003 Posts: 26 Location: France
|
Posted: Tue May 25, 2004 3:38 am Post subject: ICMP |
|
|
HI,
"There always is a possibility that the ICMP works, but that de VPN service is down..."
That depend wich IP you monitor...
If you monitor your internet IP, that's true, you cannot see if VPN is UP
But your VPN is connecting 2 network with different IP range (ex 10.1.0.0 and 10.2.0.0). if there is a computer in 10.1.0.0 that ping 10.2.0.1., you can see if VPN is UP.
You can monitor 2 or 3 IP in the distant network so if they are all dead, the VPN is dead.
Cédric |
|
Back to top |
|
|
plambrecht
Joined: 19 May 2004 Posts: 151 Location: Belgium
|
Posted: Tue May 25, 2004 5:20 am Post subject: |
|
|
Your suggestion implies that I make a VPN conncetion and then ping a server of the remote network.
But that is not what I want.
I just want to check if the VPN service is alive bij 'portscanning' the UDP/500 port.
For that I need the UDP packet to send/receive...
Pieter |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12792 Location: USA
|
|
Back to top |
|
|
plambrecht
Joined: 19 May 2004 Posts: 151 Location: Belgium
|
Posted: Wed May 26, 2004 2:07 am Post subject: |
|
|
Cool site..
Apparently it is not as easy as I thought... No fixed header.. darn..
thx anyway.
Pieter |
|
Back to top |
|
|
ericm
Joined: 10 Feb 2004 Posts: 40
|
Posted: Mon Jun 07, 2004 9:37 am Post subject: Test VPN |
|
|
If you find something please post it. |
|
Back to top |
|
|
|