Tunneling thru cisco routers

Thread: Tunneling thru cisco routers

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    15

    Tunneling thru cisco routers

    Is it hard to tunnel thru a Cisco router if you don't have access to the router? I want to be able to access my computer from home but there's a stupid firewall in the way. How would I make it so I could get thru it?

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    It's easy. You need something that does port forwarding (stunnel is best, if you can get it on your platform) to be run on the machine you're using, and the remote machine. So say you wanted to use Oracle's SQL*Net (port 66) from your work machine to your home machine, but the firewall only allowed outgoing connections on port 80 (http - WWW). You already have the server (Oracle listener) set up on your home machine, listening on port 66. You'd use stunnel to set up the tunnel like this:
    Code:
    +------------------------------------+
    | Work                               |
    |                                    |
    | SQL*Net--66--stunnel--80-----------+--+
    +------------------------------------+  |
                                            |
                                            |
                                      +----------+
                                      | Firewall |
                                      +----------+
                                            |
                                            |
     +-----------------------------------+  |
     | Home                              |  |
     |                                   |  |
     | Oracle Listener--66--stunnel--80--+--+
     +-----------------------------------+
    (Note that you cannot run a web server on your home machine in this scenario, as stunnel is already running on port 80.)

    All of the above is not specific to stunnel, you can use any port redirector you want. The below is specific to stunnel.

    The commands you would run to set up the above tunnel are:
    Code:
    home:# stunnel -d 80 -r localhost:66
    work:# stunnel -c -d localhost:66 -r home.example.com:80
    Enjoy!
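
A check a firewall or proxy operator could run against the setup described in the post above, as an added example that is not part of the original thread: stunnel wraps the connection in SSL, so the first client bytes on port 80 are an SSL/TLS hello rather than an HTTP request line. The sample flows and addresses are constructed, and `classify_first_bytes` and `non_http_on_port_80` are hypothetical helper names.

```python
# Added example (not from the thread): classify the first client bytes of a flow
# and report port-80 flows that do not start with an HTTP request line.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ", b"PATCH ")

def classify_first_bytes(payload: bytes) -> str:
    """Return 'http', 'tls', 'sslv2-hello' or 'unknown'."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record: type 0x16 (handshake), major version 0x03, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[5] == 0x01):
        return "tls"
    # SSLv2-compatible ClientHello (sent by older SSL stacks): 2-byte length
    # with the high bit set, then message type 0x01.
    if len(payload) >= 3 and payload[0] & 0x80 and payload[2] == 0x01:
        return "sslv2-hello"
    return "unknown"

def non_http_on_port_80(flows):
    """flows: (src, dst, dport, first_client_bytes). Return (src, dst, kind)."""
    findings = []
    for src, dst, dport, first_bytes in flows:
        kind = classify_first_bytes(first_bytes)
        if dport == 80 and kind != "http":
            findings.append((src, dst, kind))
    return findings

# Constructed sample flows (documentation address ranges, hand-built payloads).
SAMPLE_FLOWS = [
    ("198.51.100.7", "203.0.113.20", 80,
     b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("198.51.100.7", "203.0.113.10", 80, bytes.fromhex("160301002f0100002b0301")),
    ("198.51.100.8", "203.0.113.10", 80, bytes.fromhex("802e010301")),
    ("198.51.100.9", "203.0.113.30", 443, bytes.fromhex("160301002f0100002b0301")),
    ("198.51.100.9", "203.0.113.40", 80, b"SSH-2.0-OpenSSH_3.7\r\n"),
]

if __name__ == "__main__":
    for finding in non_http_on_port_80(SAMPLE_FLOWS):
        print(finding)
```

The check only looks at the first client payload, so it catches a raw SSL tunnel on port 80 but not traffic that is itself carried inside valid HTTP requests.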

  3. #3
    Member
    Join Date
    Apr 2003
    Posts
    54
    j3r is right. There are also a lot of other apps for remote desktopping and VPN. You can set most of them to use certain ports (ones that the router doesn't block) and it works great, just google for some. I do it from college to my comp but I just use Microsoft's stuff...
    101010 = The answer to life, the universe and everything...

  4. #4
    Senior Member
    Join Date
    Jul 2001
    Posts
    343

    VPN

    Hi All;

    Since someone brought up VPN and tunnelling....
    I have a VPN problem.....
    My telco uses a nonroutable IP between me and
    my ISP Example my computer - 192.168.113.5 - Router at my ISP
    Problem.... If trying to use VPN to a remote computer via my ADSL
    circuit...no go....
    I can and do use port forwarding for my web/mail server here at my
    shop and several other functions... no problem...
    Even a Game Server will work....
    But no VPN......
    Ideas ???? Work arounds ????

    And no... my Telco will not fix it and both my ISP and myself
    have tried ....

    I use a Linksys router and a Pairgain Modem to my ADSL circuit
    My ISP uses a Cisco router on his side of the link to the ADSL DSLAM
    We do not have control of that nonroutable IP address....

    Thanks
    Franklin Werren at www.bagpipes.net
    Yes I do play the Bagpipes!

    And learning to Play the Bugle

  5. #5
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    I don't know much about VPNs yet, but I would think that they would have to configure their perimeter router to allow VPN passthrough and port forward it to your IP.

    Something which I think they wouldn't do. Now I might be wrong, but I think that's right.

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    cheyenne1212, you are, unfortunately, right. I believe some VPN solutions have noticed that this is a problem, and tunnel the VPN connection through port 80. (I think Cisco does this?)

    One laughably complex solution might be to run a tunnel to a machine outside your ISP, and try to route the VPN traffic through there. That would, of course, require that your VPN software used vanilla TCP, which it probably doesn't.

  7. #7
    Senior Member
    Join Date
    Sep 2003
    Posts
    156
    If there is a firewall between you and your home PC, then how would stunnel help?

    If the firewall is of any quality, then it will block all incoming connections that aren't associated with a connection that is made from the inside first. So unless you have access to that firewall to open those ports then you won't be able to do much.

    Ports will need to be opened on the firewall of the side that you are connecting to. I guess if you had software that could connect to your remote machine from your house, then you would be all set.

    I don't know..it's 12:15am, and I've slept maybe 5 hours in the last week, so maybe I'm misunderstanding the question. My apologies if I am.

  8. #8
    Junior Member
    Join Date
    Feb 2003
    Posts
    19
    Well creating a real vpn through a cisco does not depend on port ranges... The vpn is conf'ed in such a way that u mask the vpn ip addresses from the rest of the internet. This is usually done via the BGP routing protocol and a switch that supports the vlan function. Then when all that is conf'ed u set up a few access lists and u have a vlan. This is secure and since nobody from the internet has access to your ip address you can't be hacked...
    Instead of buying expensive software or hardware that can make a "vpn" on port 80 (or whatever) you might as well use a good remote pc program. They might call it vpn but it is so far from it as can be, especially if it runs on port 80, which is one of the first ports to be scanned by the most crappy of port sniffers.

    In all cases ur a bit screwed if you don't have access to the firewall since you can forward any ports inc. port 80 to your internal ip address

    +------------------------------------+
    | Work                               |
    |                                    |
    | SQL*Net--66--stunnel--80-----------+--+   outgoing will work fine
    +------------------------------------+  |
                                            |
                                            v
                                      +----------+
                                      | Firewall |
                                      +----------+
                                            T
                                            |
    +------------------------------------+  |
    | Home                               |  |
    | Oracle                             |  |
    | Listener--66--stunnel--80----------+--+   Incoming traffic will NOT be forwarded
    +------------------------------------+      unless the firewall is conf'ed

    But then again it might be that the home computer opens the connection and keeps it open, so that u may connect to it remotely... But I wouldn't count on it.

    If you can get access to the firewall or have the firewall admin make the changes for you it would be easier.. But without the ability to forward ports nothing big will happen no matter what solution you decide to try out.
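
The behaviour argued over in posts #7 and #8, as an added example that is not part of the original thread: a toy connection-tracking firewall showing which packets of the Work/Home tunnel pass. It assumes no NAT is modelled, the addresses are constructed documentation values, and `StatefulFirewall` and `thread_scenario` are hypothetical names.

```python
# Added example (not from the thread): toy stateful firewall for the Work/Home case.
class StatefulFirewall:
    """Inside hosts may open connections out on allowed ports; inbound packets
    pass only as replies to a tracked connection or via a port forward."""

    def __init__(self, allowed_out_ports, port_forwards=None):
        self.allowed_out_ports = set(allowed_out_ports)
        self.port_forwards = dict(port_forwards or {})  # port -> (inside_ip, port)
        self.conntrack = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def outbound(self, src, sport, dst, dport):
        if dport not in self.allowed_out_ports:
            return "drop: egress policy"
        self.conntrack.add((src, sport, dst, dport))
        return "pass"

    def inbound(self, src, sport, dst, dport):
        # A reply mirrors a connection that an inside host opened earlier.
        if (dst, dport, src, sport) in self.conntrack:
            return "pass: reply"
        if dport in self.port_forwards:
            ip, port = self.port_forwards[dport]
            return f"pass: forwarded to {ip}:{port}"
        return "drop: unsolicited"

WORK, HOME = "198.51.100.7", "203.0.113.10"  # constructed addresses

def thread_scenario():
    work_fw = StatefulFirewall(allowed_out_ports={80})
    home_plain = StatefulFirewall(allowed_out_ports={80, 443})
    home_fwd = StatefulFirewall({80, 443}, port_forwards={80: ("192.168.1.10", 80)})
    return {
        "work_out_66": work_fw.outbound(WORK, 40000, HOME, 66),
        "work_out_80": work_fw.outbound(WORK, 40001, HOME, 80),
        "home_in_no_forward": home_plain.inbound(WORK, 40001, HOME, 80),
        "home_in_with_forward": home_fwd.inbound(WORK, 40001, HOME, 80),
        "work_in_reply": work_fw.inbound(HOME, 80, WORK, 40001),
        "work_in_unsolicited": work_fw.inbound(HOME, 80, WORK, 40002),
    }

if __name__ == "__main__":
    for step, verdict in thread_scenario().items():
        print(f"{step:22} {verdict}")
```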

  9. #9
    Junior Member
    Join Date
    Aug 2002
    Posts
    25

    Re: VPN

    Originally posted here by Highlander
    Hi All;

    Since someone brought up VPN and tunnelling....
    I have a VPN problem.....
    My telco uses a nonroutable IP between me and
    my ISP Example my computer - 192.168.113.5 - Router at my ISP
    Problem.... If trying to use VPN to a remote computer via my ADSL
    circuit...no go....
    I can and do use port forwarding for my web/mail server here at my
    shop and several other functions... no problem...
    Even a Game Server will work....
    But no VPN......
    Ideas ???? Work arounds ????

    And no... my Telco will not fix it and both my ISP and myself
    have tried ....

    I use a Linksys router and a Pairgain Modem to my ADSL circuit
    My ISP uses a Cisco router on his side of the link to the ADSL DSLAM
    We do not have control of that nonroutable IP address....

    Thanks


    When you try the VPN you are encapsulating the packets twice. This probably will not work unless you can figure out some way on the destination firewall to tell where the return packets should go.

    Also make sure anything to do with IPSEC and/or PPTP passthru is turned on the local routers. Port forwarding has nothing to do with VPN because the packets are encrypted from the gateway (the device or your machine with the software loaded).
    -Producer

  10. #10
    Senior Member
    Join Date
    Sep 2003
    Posts
    156
    Originally posted here by cbo
    ..... The vpn is conf'ed in such a way that u mask the vpn ip addresses from the rest of the internet. This is usually done via the BGP routing protocol and a switch that supports the vlan function. Then when all that is conf'ed u set up a few access lists and u have a vlan. This is secure and since nobody from the internet has access to your ip address you can't be hacked...
    Please tell me you are talking about the VPN that Highlander posted about.

    if not...you seriously need to put down that crack pipe.

    A VPN does not need BGP or VLANs to make a successful connection. Can you do it? Yes. Is it required? No.

    again...if you're talking about Highlander's VPN issue, then disregard this post.
