Dalmato

IPSec over PPTP


While preparing for the 70-291, I noticed something: by default, the Microsoft RAS Server 2003 does not offer nesting of the PPTP protocols (TCP port 1723 and GRE, TCP protocol 47) inside an IPSec shell. Only nesting of the L2TP protocols is offered. But with a little effort, it works. An IPSec policy with 2 filters, one each for UDP 1723 and GRE, created via GPO or locally on the server. Activate the Client (Respond Only) policy on the VPN client, and that is all. Example of the GRE encapsulation:

 

ETHERNET: EType = Internet IP (IPv4)

ETHERNET: Destination address = 000103C72C30

ETHERNET: 0....... = Individual address

ETHERNET: .0...... = Universally administered address

ETHERNET: Source address = 0004761F12CC

ETHERNET: .0...... = Universally administered address

ETHERNET: Ethernet Type : 0x0800 (Internet IP (IPv4))

IP: Protocol = AH - Authentication Header for IP Security Protocol; Packet ID = 29833; Total IP Length = 104; Options = No Options

IP: Version = IPv4; Header Length = 20

IP: 0100.... = IP Version 4

IP: ....0101 = Header Length 20

IP: Type of Service = Normal Service

IP: 000..... = Precedence - Routine

IP: ...0.... = Normal Delay

IP: ....0... = Normal Throughput

IP: .....0.. = Normal Reliability

IP: ......0. = Normal Monetary Cost

IP: Total Length = 104 (0x68)

IP: Identification = 29833 (0x7489)

IP: Fragmentation Summary = 0 (0x0)

IP: .0.............. = May fragment datagram if necessary

IP: ..0............. = Last fragment in datagram

IP: ...0000000000000 = Fragment Offset 0 (0x0000)

IP: Time to Live = 128 (0x80)

IP: Protocol = AH - Authentication Header for IP Security Protocol

IP: Checksum = 31827 (0x7C53)

IP: Source Address = 192.168.100.50

IP: Destination Address = 192.168.100.3

AH: Protocol = ESP, SPI = 0x870B1B86, Seq = 0xE

AH: Next Header = ESP - Encap Security Payload for IP Security Protocol

AH: Payload Length = 6 (0x6)

AH: Reserved = 0 (0x0)

AH: Security Parameters Index = 2265652102 (0x870B1B86)

AH: Sequence Number = 14 (0xE)

AH: Authentication Data: Number of data bytes remaining = 12 (0x000C)

ESP: SPI = 0xB433EEF9, Seq = 0xE

ESP: Security Parameters Index = 3023302393 (0xB433EEF9)

ESP: Sequence Number = 14 (0xE)

ESP: Padding: Number of data bytes remaining = 4 (0x0004)

ESP: Pad Length = 4 (0x4)

ESP: Next Header = GRE - General Routing Encapsulation

ESP: Authentication Data: Number of data bytes remaining = 12 (0x000C)

GRE: ..KS....A....... Length: 18, Call ID: 17082

GRE: Flags Summary = 12417 (0x3081)

GRE: 0............... = Checksum Absent

GRE: .0.............. = Routing Absent

GRE: ..1............. = Key Present

GRE: ...1............ = Sequence Number Present

GRE: ....0........... = Strict Source Route Absent

GRE: ........1....... = Acknowledge Sequence Number Present

GRE: Recursion Control = 0 (0x0)

GRE: Ver = 1 (0x1)

GRE: Protocol Type = 0x880B

GRE: Key Length = 18 (0x12)

GRE: Key Call ID = 17082 (0x42BA)

GRE: Sequence Number = 12 (0xC)

GRE: Ack Number = 12 (0xC)

PPP: Internet Protocol Control Protocol Frame (0x8021)

PPP: Protocol = Internet Protocol Control Protocol

IPCP: Configuration Acknowledgement, Ident = 0x06

IPCP: Code = Configuration Acknowledgement

IPCP: Identifier = 6 (0x6)

IPCP: Length = 16 (0x10)

IPCP: Option: Address = 199.101.99.12

IPCP: Option Type = Address

IPCP: Option Length = 6 (0x6)

IPCP: Source Address = 199.101.99.12

IPCP: Option: Primary DNS Server Address = 192.168.100.1

IPCP: Option Type = Primary DNS Server Address

IPCP: Option Length = 6 (0x6)

IPCP: Primary DNS Server Address = 192.168.100.1

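One way to confirm from a capture that the policy described in the post is in effect, as an added example that is not part of the original post: the Python sketch below walks the IP, AH and ESP headers in the same order as the trace and flags PPTP traffic (GRE, IP protocol 47, or TCP port 1723) that is on the wire without IPsec. The function names, verdict strings and sample packets are constructed for illustration; input is assumed to be raw IPv4 packets with the Ethernet header already removed.

```python
import struct

def ipv4(proto, payload, src=bytes([192, 0, 2, 50]), dst=bytes([192, 0, 2, 3])):
    """Build a constructed IPv4 packet (checksum left 0; it is not checked here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 128, proto, 0, src, dst) + payload

def classify(pkt):
    """Walk IP -> [AH] -> [ESP] -> payload; return (header chain, verdict)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    off, proto, chain = (pkt[0] & 0x0F) * 4, pkt[9], ["IP"]
    if proto == 51:                                  # AH (IP protocol 51)
        if len(pkt) < off + 12:
            raise ValueError("truncated AH header")
        proto, plen = pkt[off], pkt[off + 1]         # next header, payload length
        chain.append("AH spi=0x%08X" % struct.unpack_from("!I", pkt, off + 4))
        off += (plen + 2) * 4                        # RFC 4302 length rule
    if proto == 50:                                  # ESP: stop, body is opaque
        if len(pkt) < off + 8:
            raise ValueError("truncated ESP header")
        chain.append("ESP spi=0x%08X" % struct.unpack_from("!I", pkt, off))
        return chain, "ipsec-esp"
    protected = len(chain) > 1                       # True if an AH header was seen
    if proto == 47:                                  # GRE carries the PPTP data
        chain.append("GRE")
        pptp = True
    elif proto == 6 and len(pkt) >= off + 4:         # TCP: PPTP control is port 1723
        chain.append("TCP")
        pptp = 1723 in struct.unpack_from("!HH", pkt, off)
    else:
        chain.append("proto %d" % proto)
        pptp = False
    if not pptp:
        return chain, "not-pptp"
    return chain, "ah-only" if protected else "cleartext-pptp"

# Constructed sample packets (documentation addresses, zeroed payloads).
AH = struct.pack("!BBHII", 50, 4, 0, 0x11111111, 14) + bytes(12)  # next header = ESP
ESP = struct.pack("!II", 0x22222222, 14) + bytes(40)
SAMPLES = {
    "nested": ipv4(51, AH + ESP),
    "bare_gre": ipv4(47, bytes.fromhex("3081880b") + bytes(12)),
    "bare_ctl": ipv4(6, struct.pack("!HH", 49152, 1723) + bytes(16)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, *classify(pkt))
```

Any packet reported as `cleartext-pptp` means the IPsec filter for that protocol did not match and the tunnel traffic left the host unprotected.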