Re: [fw-wiz] VPN Gateway And Nat

From: SimonChan@lifeisgreat.com.sg
Date: 02/23/03

    To: LE CORVIC Y InfoEdpEtcDep <Yoann.Le-Corvic@socgen.com>
    From: SimonChan@lifeisgreat.com.sg
    Date: Sun, 23 Feb 2003 15:58:54 +0800
    

    Hi Yoann,

    I recently posted an issue regarding IPsec NAT traversal which is similar
    to your situation.

    Firstly, your router must be able to support IPsec NAT traversal where
    the natting doesn't destroy the IPsec header.

    Perhaps you would refer back to the list to see some of the suggestions
    given by the list members.

    tks.

    rgds,

    simon

    From: LE CORVIC Y InfoEdpEtcDep <Yoann.Le-Corvic@socgen.com>
    Sent by: firewall-wizards-admin@honor.icsalabs.com
    Date: 02/21/2003 11:44 PM
    To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
    cc:
    Subject: [fw-wiz] VPN Gateway And Nat

    Hi All,

    I have a slight problem with a VPN configuration, and wanted to know if you
    all can help. Basically, here is the situation:

    PROTECTED_NET-------VPNGATEWAY --------ROUTER-----ClientSecuremote

    The public IP address of the VPN GATEWAY is natted at the ROUTER, so that
    the ClientSecuremote doesn't access the real IP address of the VPNGATEWAY,
    but one on the ROUTER.

    The initiation sequence works, and the authentication as well, but when the
    network topology is downloaded, no access is possible on servers of the
    PROTECTED_NET.

    I suspect that after topology download, the real IP address of the gateway
    is given to ClientSecuremote, which uses it for the remainder of the
    communication.

    Is there a way to go around that problem, or is it a lost cause... ?

    Thanks for your help.
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
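
The point in the reply above about address translation damaging IPsec, shown as an added example that is not part of the original thread: a simplified model in which the AH integrity check covers the IP addresses and the ESP check does not. The key, addresses, SPI, packet layout (ICV placed at the end) and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"   # constructed; real SAs get keys from IKE
AH, ESP = 51, 50                # IP protocol numbers

def ipv4_header(src, dst, proto, body_len):
    """Minimal 20-byte IPv4 header (checksum left at zero for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def immutable_view(ip):
    """Zero the fields AH treats as mutable: TOS, flags/offset, TTL, checksum."""
    b = bytearray(ip)
    b[1] = 0
    b[6:8] = b"\x00\x00"
    b[8] = 0
    b[10:12] = b"\x00\x00"
    return bytes(b)

def icv(data):
    """HMAC-SHA1 truncated to 96 bits."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def covered_bytes(ip, body):
    # AH authenticates the IP addresses; ESP authenticates only its own bytes.
    return (immutable_view(ip) if ip[9] == AH else b"") + body

def build(proto, src, dst, payload):
    body = struct.pack("!II", 0x1001, 1) + payload   # SPI, sequence, payload
    ip = ipv4_header(src, dst, proto, len(body) + 12)
    return ip + body + icv(covered_bytes(ip, body))

def verify(packet):
    ip, body, tag = packet[:20], packet[20:-12], packet[-12:]
    return hmac.compare_digest(tag, icv(covered_bytes(ip, body)))

def nat_rewrite_dst(packet, new_dst):
    """Static destination NAT, as on the ROUTER: replace header bytes 16-19."""
    return packet[:16] + socket.inet_aton(new_dst) + packet[20:]

def survives_nat(proto):
    """Return (valid before NAT, valid after NAT) for one constructed packet."""
    pkt = build(proto, "198.51.100.7", "203.0.113.10", b"constructed payload")
    return verify(pkt), verify(nat_rewrite_dst(pkt, "192.0.2.1"))
```

`survives_nat(AH)` fails after the rewrite while `survives_nat(ESP)` still verifies. ESP passing this check does not make it NAT-safe in general, since a port-translating device has no ports to track in a bare ESP packet, which is what UDP encapsulation on port 4500 (RFC 3948) addresses.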