Re: [fw-wiz] Site-to-Site VPN Gateway behind NAT device

From: Rob Hughes (rob_at_robhughes.com)
Date: 03/27/05

  • Next message: jfvanmeter_at_comcast.net: "Re: [fw-wiz] Screening Router as a firewall" 
    To: firewall-wizards@honor.icsalabs.com
Date: Sun, 27 Mar 2005 07:55:31 -0600

    On Tue, 2005-03-22 at 22:33 -0800, Nick Brandson wrote:
    > Dear guru,
    >
    > Does anyone try build site-to-site VPN with one
    > gateway behind a NAT device (like a router or a load
    > balancer)?
    >
    > Both gateways are using NGAI R55 on SecurePlatform.

    The only way to do this with CP is when a single manager controls all
    the VPNs and nat'ing. Since you can't disable AH, that'll cause the VPN
    to barf when you NAT one of the end points.

    Rob
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: jfvanmeter_at_comcast.net: "Re: [fw-wiz] Screening Router as a firewall"

    Relevant Pages

    • Re: Routing behind NAT server
      ... I have set RIP on both modem and win2k server. ... I suspect that RIP isn't really working on the NAT Device, ... single static route on the NAT Device that specifies that the route to ... as their Default Gateway. ...
      (microsoft.public.windows.server.networking)
    • RE: Alternative to VPN
      ... Congrats on looking for alternatives to VPNs. ... Personally I highly recommend methods that use a ... and the webserver can further be protected by firewalls like ISA. ... which are also based on an Application Gateway include OWA Public Folders. ...
      (microsoft.public.windows.server.sbs)
    • Re: Hardware firewall needed?
      ... "Philip Herlihy" wrote in message ... > installed which I'd recently figured out was really a NAT device, ... > still pretty foggy about what risks remain. ... gateway, aren't going to be able to set up a VNC connection without ...
      (microsoft.public.security)
    • Re: Checkpoint NG AI VPN nated
      ... My system does not have public IP on VPN gateway and I ... As I said you would need to configure a Static NAT to the gateway. ... address as the NAT device IYSWIM. ...
      (comp.security.firewalls)
    • Re: [opensuse] [hope not OT] asking for office network optimize suggestions
      ... I think you can solve this just by adding explict routes and gateways. ... It's probably also possible to use VPNs but I have no experience with them. ... traffic for A or B must be sent via gateway bossdog, ... traffic for C must be sent via gateway bossdog and tell bossdog that all ...
      (SuSE)