VNC, web server, IPSec

Jim Blancet
Fri Jul 11 03:17:00 2003


I was setting up IPSec on a couple of Windows boxes tonight. And it generated
a couple of questions for me.

In the past, I have had VNCserver running on a win2k box. I had the web server
piece enabled. My router has port forwarding enabled for port 5900 and 5800. I
could connect via web browser or VNC client no problem.

I decided to set up IPSec to encrypt data on port 5900. So I created the
profiles on 2 Win2k boxes to encrypt data on port 5900. VNC worked just fine,
via the win32 client and java piece in a web browser, and the IPSec monitor
tool in Windows indicated encryption on port 5900 between the two machines.

With the IPSec enabled for port 5900 on the server, I noticed that on a
machine on which IPSec was NOT enabled, the port 5800 didn't work either. What I
get when using a browser is the java piece runs and gives me the password box.
When I enter the password and hit the logon button, the connection is dropped
because the negotiation fails.

Does VNC require port 5900 and 5800 for the web browser piece to function?