KS-Soft. Network Management Solutions
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister    ProfileProfile    Log inLog in 

Test VPN server alive

 
Post new topic   Reply to topic    KS-Soft Forum Index -> Configuration, Maintenance, Troubleshooting
View previous topic :: View next topic  
Author Message
plambrecht



Joined: 19 May 2004
Posts: 151
Location: Belgium

PostPosted: Mon May 24, 2004 5:47 am    Post subject: Test VPN server alive Reply with quote

Hi,

I need an UDP test to see if my Cisco VPN server (PIX and IOS based) are up and running.
Does anyone have an UDP string to send/receive ?
Ping is not an option, because I disable ICMP on my VPN server.

Anyone ?

Pieter
Back to top
View user's profile Send private message Visit poster's website
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Mon May 24, 2004 8:56 am    Post subject: Reply with quote

What about SNMP test? Or you have disabled SNMP protocol as well?

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
plambrecht



Joined: 19 May 2004
Posts: 151
Location: Belgium

PostPosted: Mon May 24, 2004 9:05 am    Post subject: Reply with quote

KS-Soft wrote:
What about SNMP test? Or you have disabled SNMP protocol as well?


The VPN server is published on the internet, and only accessible through the internet. SNMP is not an option.
A UDP packet looks like the only solution to me.

thx anyway for this reply.

Pieter
Back to top
View user's profile Send private message Visit poster's website
boxy_25



Joined: 02 Dec 2003
Posts: 26
Location: France

PostPosted: Tue May 25, 2004 12:25 am    Post subject: ICMP Reply with quote

Hi,

I think you can open icmp port only for one station (the monitoring station) and block for all the other. You can also allow only "echo request" to securise at maximum.

Cédric.
Back to top
View user's profile Send private message Visit poster's website
plambrecht



Joined: 19 May 2004
Posts: 151
Location: Belgium

PostPosted: Tue May 25, 2004 3:24 am    Post subject: Re: ICMP Reply with quote

[quote="boxy_25"]I think you can open icmp port only for one station (the monitoring station) and block for all the other. You can also allow only "echo request" to securise at maximum.
quote]

the thing is, I don't want to check ICMP, but VPN.
There always is a possibility that the ICMP works, but that de VPN service is down...
Back to top
View user's profile Send private message Visit poster's website
boxy_25



Joined: 02 Dec 2003
Posts: 26
Location: France

PostPosted: Tue May 25, 2004 3:38 am    Post subject: ICMP Reply with quote

HI,

"There always is a possibility that the ICMP works, but that de VPN service is down..."

That depend wich IP you monitor...

If you monitor your internet IP, that's true, you cannot see if VPN is UP
But your VPN is connecting 2 network with different IP range (ex 10.1.0.0 and 10.2.0.0). if there is a computer in 10.1.0.0 that ping 10.2.0.1., you can see if VPN is UP.
You can monitor 2 or 3 IP in the distant network so if they are all dead, the VPN is dead.

Cédric
Back to top
View user's profile Send private message Visit poster's website
plambrecht



Joined: 19 May 2004
Posts: 151
Location: Belgium

PostPosted: Tue May 25, 2004 5:20 am    Post subject: Reply with quote

Your suggestion implies that I make a VPN conncetion and then ping a server of the remote network.
But that is not what I want.
I just want to check if the VPN service is alive bij 'portscanning' the UDP/500 port.
For that I need the UDP packet to send/receive...

Pieter
Back to top
View user's profile Send private message Visit poster's website
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Tue May 25, 2004 2:59 pm    Post subject: Reply with quote

UDP port #500?
ISAKMP protocol http://www.networksorcery.com/enp/protocol/isakmp.htm
?

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
plambrecht



Joined: 19 May 2004
Posts: 151
Location: Belgium

PostPosted: Wed May 26, 2004 2:07 am    Post subject: Reply with quote

Cool site..
Apparently it is not as easy as I thought... No fixed header.. darn..

thx anyway.

Pieter
Back to top
View user's profile Send private message Visit poster's website
ericm



Joined: 10 Feb 2004
Posts: 40

PostPosted: Mon Jun 07, 2004 9:37 am    Post subject: Test VPN Reply with quote

If you find something please post it.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    KS-Soft Forum Index -> Configuration, Maintenance, Troubleshooting All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

KS-Soft Forum Index