[fw-wiz] ipsec nat transversal

From: SimonChan@lifeisgreat.com.sg
Date: 02/19/03

  • Next message: Reckhard, Tobias: "RE: [fw-wiz] (no subject)"
    To: firewall-wizards@honor.icsalabs.com
    From: SimonChan@lifeisgreat.com.sg
    Date: Wed, 19 Feb 2003 09:27:08 +0800

    Hi fellow wizards,

    I have this situaton here :

    I have an existing Firewall / VPN gateway and we have remote users vpn
    client connecting to it.

    We are in the process of putting an additional firewall in front of the
    existing firewall.
    If both Firewalls are running NAT, can the remote vpn client connect to the
    2nd Firewall.

    I understand that the term "ipsec Nat transversal" function is required on
    the 1st firewall
    in order to allow IPSec traffic to pass through.

    Is that Correct ?





    The email is only for the use of the person or entity to whom it is
    addressed and contains information that is privileged and confidential. If
    you, the reader of this email are not the intended recipient, any
    distribution, copying or dissemination of this email is strictly
    prohibited. If you have received this email in error, please contact the
    sender immediately by return email and delete this email. Thank you. Please
    visit our website at http://www.lifeisgreat.com.sg.


    firewall-wizards mailing list

    Relevant Pages

    • RE: Sandboxing
      ... the 3Com Embedded Firewall would be extremely useful and enabling (in ... your case) when you look at it in a VPN context. ... This security policy will accomplish quite a few things: ... During the Policy Server installation, ...
    • Re: VPN Firewall for new webserver
      ... > I'm setting up a webserver at a colocation and I need to put a VPN ... You're not going to get a quality firewall for that amount, ... and D-Link makes a DI-804HV unit ... users access to the SQL server, let them do it through a VPN session. ...
    • Re: Firewall Info/Recommendations?
      ... I would seriously consider an air-gap solution. ... Let me outline a few features that no other firewall can touch. ... Provide secure access without a VPN from any web browser (this greatly ... > manageable without much higher-level support if you want things like ...
    • Re: [fw-wiz] Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
      ... complexity and architectural inelegance of having 3-5 gateway security ... VPN) convinced me to eventually champion a migration to Symantec's SGS ... Nice balance of "default deny" at the firewall, ...
    • Re: two winxp home machines, varied results
      ... >The only firewall I have on my machine *aside* from the Cisco VPN ... Please don't change "restrictAnonymoussam", only ... >Here is the IPCONFIG and BROWSTAT listings for each machine. ...