pix vpn traffic

Hi,

Sorry for this very basic questions.

Is the following log related to VPN traffic? Or do we have any other log related to VPN traffic?

%PIX-6-302017: Built inbound GRE connection id from interface:real_address (translated_address) to interface:real_address/real_cid (translated_address/translated_cid)[(user)]

What is GRE protocol? Is it related to VPN connection? If yes, what is the protocol that used in the VPN connection?

Kindly help. MSK

Reply to
mskumar
Loading thread data ...

Hi,

I hope GRE is not your VPN protocol, cause it doesn´t encrypt. It just adds an additional header. Your VPN protocol should be somthing like IPSEC. There is also the possibility of a GRE Tunnel going through your VPN, this should be safe. Try "sh crypto map" and "sh crypto ipsec sa" to get some information about your VPN.

regards Andre

Reply to
Andre Janssen

In article , mskumar wrote: :Is the following log related to VPN traffic? Or do we have any other :log related to VPN traffic?

:%PIX-6-302017: Built inbound GRE connection id from :interface:real_address (translated_address) to :interface:real_address/real_cid :(translated_address/translated_cid)[(user)]

:What is GRE protocol? Is it related to VPN connection? If yes, what is :the protocol that used in the VPN connection?

There are two major protocols used for VPN connections: IPSec and GRE. The protocol L2TP runs on top of IPSec, and the protocol PPTP runs on top of GRE.

The messages you would get for IPSec would be quite different. I'm not sure what exactly you would see for PPTP terminating at the PIX.

You would see the GRE message that you do if you had a PPTP software client "behind" the firewall connecting to an outside server.

Reply to
Walter Roberson

In article , Andre Janssen wrote: :I hope GRE is not your VPN protocol, cause it doesn´t encrypt. :It just adds an additional header.

Basic GRE doesn't encrypt, but one of the earliest extension RFCs for GRE adds encryption (but there are security layers it does not add that are added by IPSec.)

:Your VPN protocol should be somthing like IPSEC.

GRE is used by PPTP.

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.