RE: [fw-wiz] (no subject)

From: Sloane, David (DSloane_at_vfa.com)
Date: 10/24/03

    To: "DeMoss, Scott" <sdemoss@doble.com>, <firewall-wizards@nfr.com>
    Date: Thu, 23 Oct 2003 18:28:58 -0400
    
    

    Scott,

    Your router does Network Address Translation - NAT. It has one real,
    routable, on-the-internet IP address. Your two computers, when
    connecting to anything on the internet, appear to have that
    one-real-routable IP address.

    Your VPN server/firewall/device sees the first connection from Computer
    A using IP address X - the one-real-routable IP address. The session is
    set up and humming along.

    When Computer B tries to set up a session, it also shows up as IP
    address X. The VPN server, depending on that address to be unique,
    drops the Computer A session and sets up a new one.

    As far as I can tell, you need a different kind of solution.

    Some possibilities, in order of increasing complexity:

    1. Set up the VPN connection from the Netopia router (if it supports
    such a function). Then your two machines can talk over the same tunnel
    to your VPN server.

    2. Take the Netopia router out of the picture, buy a second IP address
    from your ISP, secure your two computers with host-based firewalls, and
    away you go.

    3. Deploy a second VPN device at the network to which you're connecting
    (conceivably, you could just add an IP address to the VPN server, who
    knows). Connect one client to each VPN device or address using your
    current home network setup.

    4. Deploy a different VPN technology which can accept multiple sessions
    from the same remote IP address.

    Good luck.

    -David

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of DeMoss,
    Scott
    Sent: October 23, 2003 4:54 PM
    To: firewall-wizards@nfr.com
    Subject: [fw-wiz] (no subject)

    I happened upon your e-mail address while searching for an answer to a
    VPN problem I am having... So, I am sending a question in hopes that
    you are the Genie in the bottle that I have been looking for.

    I run my VPN through a Cisco Client to my main office. It worked fine
    going through enternet 300 and then through a Netopia Cayman 3546 ADSL
    router. I put the router in place to access the VPN through two
    computers. I get the internet with both computers but I get kicked off
    the VPN at one computer when I try to log on at the other? But it
    works fine while I am on. So, can I not log on from two locations,
    even though I have internet from both locations? Or is there something
    else I need to do? I was told that the router was the answer..... so
    far it is not. I am on DSL, if it makes a difference. Any reply
    would be great..... even "get lost" :)

    But the cure would be great?

    Thanks,

    Scott

    Scott A. De Moss
    Lab Manager
    Doble Engineering Company - Midwest Lab
    5335 West Minnesota Street
    Indianapolis, Indiana 46241
    Phone: 317-381-0901
    Fax: 317-381-0867
    Cell: 765-346-1807

    _______________________________________________
    firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
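
The session collision described in the reply above, modelled as an added example that is not part of the original thread: a port-translating NAT in front of a hypothetical VPN server whose session table is keyed either on source IP alone or on source IP and port. The class names, addresses and keying policies are assumptions made for illustration, not the behaviour of any particular product.

```python
"""Constructed model: two hosts behind one NAT address reaching a VPN server."""
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed documentation address standing in for "IP address X"


@dataclass
class NatRouter:
    """Port-translating NAT: every inside host leaves with the same public IP."""
    public_ip: str
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)

    def translate(self, inside_ip: str, inside_port: int) -> tuple:
        key = (inside_ip, inside_port)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        return (self.public_ip, self.mappings[key])


class VpnServer:
    """Hypothetical session table; key_on selects what identifies a peer."""

    def __init__(self, key_on: str):
        if key_on not in ("ip", "ip_port"):
            raise ValueError("key_on must be 'ip' or 'ip_port'")
        self.key_on = key_on
        self.sessions = {}  # peer key -> user
        self.dropped = []   # users whose session was replaced by a newer one

    def connect(self, user: str, src: tuple) -> None:
        key = src[0] if self.key_on == "ip" else src
        if key in self.sessions and self.sessions[key] != user:
            self.dropped.append(self.sessions[key])  # same key: old session torn down
        self.sessions[key] = user


def simulate(key_on: str) -> VpnServer:
    """Computer A connects, then Computer B, both through the same NAT router."""
    nat = NatRouter(PUBLIC_IP)
    server = VpnServer(key_on)
    server.connect("computer-a", nat.translate("192.168.1.2", 500))
    server.connect("computer-b", nat.translate("192.168.1.3", 500))
    return server


if __name__ == "__main__":
    for mode in ("ip", "ip_port"):
        s = simulate(mode)
        print(mode, "active:", sorted(s.sessions.values()), "dropped:", s.dropped)
```
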

