Firewall Wizards mailing list archives

PIX VPN -- setting encryption to 'none' for debugging


From: Dave Owens <dowens () iquest net>
Date: Wed, 05 Mar 2003 13:55:36 -0500

Hi All,

I have a working VPN from a Sidewinder (my end) to a PIX. By "working" I mean that ip-proto-50 traffic is being passed, so there seems to be a good SA. However, the telnet session I'm attempting through the VPN has never worked. There's some NAT going on at the other end, so there are some possible problem areas.

The packets coming back to the Sidewinder never make it to the client application. To debug this thing, I'd like to be able to see the unencrypted packets as they're returned. On the Sidewinder I can select "none" for the IPSec Crypto Algorithm, but the folks on the PIX end of the VPN don't seem to think that option is available. My own research led me to some PIX commands that consisted of 'crypto ipsec' and 'null', which was changed on both ends of the VPN, but that didn't make the packets readable. The Sidewinder folks tell me that the encryption must be set to 'none'.

Does anyone know how to set encryption to 'none' on a PIX, or have any other suggestions for figuring this thing out?

Thanks,

Dave
dowens () iquest net


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

