VNC, web server, IPSec

Jim Blancet jblancet@cyca.biz
Fri Jul 11 03:17:00 2003


Hi,

I was setting up IPSec on a couple of Windows boxes tonight. And it generated
a couple of questions for me.

In the past, I have had VNCserver running on a win2k box. I had the web server
piece enabled. My router has port forwarding enabled for port 5900 and 5800. I
could connect via web browser or VNC client no problem.

I decided to setup IPSec to encyrpt data on port 5900. So I created the
profiles on 2 Win2k boxes to encrypt data on port 5900. VNC worked just fine,
via the win32 client and java piece in a web browser, and the ipsec monitor
tool in Windows indicated encyption on port 5900 between the two machines.

WIth the IPSec enabled for port 5900 on the server , I noticed that on a
machine that IPSec was NOT enabled, the port 5800 didnt work either.  WHat I
get when using a browser is the java piece runs and gives me the password box.
When I enter the password and hit the logon button, the connection is dropped
because the negotiation fails.

Does vnc require port 5900 and 5800 for the web browser piece to function?


Jim