Solutions

Do I need to define my internal networks when connecting via IPsec to Threatpulse?

Solutions ID:    KB4565
Version:    2.0
Status:    Published
Published date:    08/11/2011
Updated:    08/12/2013
 

Problem Description

Do I need to define my internal networks when connecting via IPsec to Threatpulse?
Do I need to define my internal networks when connecting via IPsec to the Cloud?
Can I forward any traffic from my internal network?
Can I forward non-RFC 1918 traffic into the Cloud?
Why am I failing my IPsec phase 2 proposal?

Resolution

At the time of this writing, all traffic routed into the Cloud must come from an RFC 1918 network (10/8, 172.16/12, 192.168/16). Internal networks that do not conform to RFC 1918, or the use of ANY as the internal network, will fail. In the future, this requirement may be removed. Here is what the Threatpulse online documentation states:

The ThreatPulse service supports only two types of Phase 2 proposals:

  • <any internal (RFC 1918) subnet>:6/0 <---> 0.0.0.0/0:6/80
  • <any internal (RFC 1918) subnet>:6/0 <---> 0.0.0.0/0:6/443

For example, TCP from internal address—any port to any address port 80 or port 443.
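
The two accepted proposal shapes can be checked locally before a gateway is configured. The following is an added example, not code from the ThreatPulse documentation; the names `parse_selector` and `check_proposal` are hypothetical, and the selector strings are assumed to follow the `<subnet>:<protocol>/<port>` notation shown above.

```python
import ipaddress

# RFC 1918 ranges exactly as the article lists them.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY_V4 = ipaddress.ip_network("0.0.0.0/0")
TCP = 6                      # IP protocol number used in the selectors
ALLOWED_REMOTE_PORTS = {80, 443}


def parse_selector(text):
    """Split '<subnet>:<proto>/<port>' into (network, proto, port)."""
    subnet, _, proto_port = text.strip().rpartition(":")
    proto, _, port = proto_port.partition("/")
    return ipaddress.ip_network(subnet), int(proto), int(port)


def check_proposal(local, remote):
    """Return the reasons a proposal breaks the stated rules ([] = conforms)."""
    try:
        l_net, l_proto, l_port = parse_selector(local)
        r_net, r_proto, r_port = parse_selector(remote)
    except ValueError as exc:
        return [f"unparseable selector: {exc}"]
    problems = []
    # 0.0.0.0/0 ("ANY") is not a subnet of any RFC 1918 range, so it fails here too.
    if l_net.version != 4 or not any(l_net.subnet_of(p) for p in RFC1918):
        problems.append(f"local subnet {l_net} is not within RFC 1918")
    if (l_proto, l_port) != (TCP, 0):
        problems.append("local side must be protocol 6 (TCP), port 0 (any)")
    if r_net != ANY_V4:
        problems.append("remote side must be 0.0.0.0/0")
    if r_proto != TCP or r_port not in ALLOWED_REMOTE_PORTS:
        problems.append("remote side must be protocol 6 (TCP), port 80 or 443")
    return problems


if __name__ == "__main__":
    # Constructed sample proposals, not taken from a real gateway.
    samples = [("10.20.0.0/16:6/0", "0.0.0.0/0:6/443"),
               ("0.0.0.0/0:6/0", "0.0.0.0/0:6/80"),
               ("192.0.2.0/24:6/0", "0.0.0.0/0:6/80"),
               ("172.16.8.0/24:0/0", "0.0.0.0/0:0/0")]
    for local, remote in samples:
        print(f"{local} <---> {remote}:", check_proposal(local, remote) or "ok")
```

An empty result means the selector pair matches one of the two documented shapes; it does not show that the rest of the tunnel configuration is correct.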

 

 

