Re: (slightly OT) IPSec with dynamic IP

From: Eric Anderson (anderson@centtech.com)
Date: 12/10/02


Date: Mon, 09 Dec 2002 17:00:06 -0600
From: Eric Anderson <anderson@centtech.com>
To: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>

Fernando Gleiser wrote:
> I'm sorry if this is OT for -security. I sent it to -questions but
> got no answer.
>
> I need to set up a VPN between a corporate LAN and roaming users. The
> firewall is a FreeBSD 4.7 box with ipf/ipnat and will act as a security
> gateway for the tunnel.
>
> On the other side there are several Win2K/XP boxes connected to the
> Internet via DSL/cable modem/dialup/carrier pigeon/whatever and they have
> a different IP every time they connect.
>
> The problem is: every single doc/tutorial/man page I've read says how to
> set up the SA with static IPs, but now one side is dynamic.
>
> So the questions are:
>
> 1. Is this possible?
> 2. If it's possible, can I do it with IKE/ISAKMP?
> 3. Does anybody have a pointer to a doc which says how to do it? I'll rtfm,
> just tell me where the fm is :)

1. Yes, it is possible.. You'll have to do something with certificates
probably, or use mpd on the server end. There are other solutions,
those are just a few things..

2. Maybe.. Are you trying to connect each individual Windows box, or
are you going to have a firewall/gateway that does this for all of them
(the entire LAN)?

3. I don't know .. maybe... I have this working, so maybe I should
write one up.. :)

Eric

-- 
------------------------------------------------------------------
Eric Anderson	   Systems Administrator      Centaur Technology
Beware the fury of a patient man.
------------------------------------------------------------------