RE: VPN / IPSEC

From: Jerimiah J. Cox (Jerimiah@vaforklift.com)
Date: 04/10/02


From: "Jerimiah J. Cox" <Jerimiah@vaforklift.com>
To: <focus-ms@securityfocus.com>
Date: Wed, 10 Apr 2002 14:23:14 -0400

I believe the Symantec VPN/Firewall Appliance might serve your needs.
Specifically the 200R. Take a look:
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=63&PID=11392811&EID=0

-----Original Message-----
From: Kevan Smith [mailto:KCSmith@tideworks.com]
Sent: Wednesday, April 10, 2002 12:54 PM
To: 'Sherif Makram Saad'; focus-ms@securityfocus.com;
mcse@list.LearnQuick.Com
Subject: RE: VPN / IPSEC

As I recall, the limitation is that the NAT functionality modifies the IP
headers, which corrupts IPSec; so
        IPSec client -> NAT gateway -> Internet -> NAT gateway -> IPSec client
wouldn't work.

I do not believe the reverse holds true, so you should be able to have
        IP Clients -> NAT gateway -> IPSec gateway -> Internet -> IPSec gateway -> NAT gateway -> IP Clients

Theoretically, anyway (or perhaps I should say 'My theory' :). I haven't
tested this, and if you are able to get it to work I'd be interested to know
your final configuration and how you overcame any technical hurdles.

Kevan Smith
NT Administrator
Tideworks Technology

-----Original Message-----
From: Sherif Makram Saad [mailto:shsaad@misc.com.eg]
Sent: Wednesday, April 10, 2002 2:47 AM
To: focus-ms@securityfocus.com; mcse@list.LearnQuick.Com
Subject: VPN / IPSEC
Importance: High

I have a case with my client and I need your opinion.

2) The main branch is using ADSL to connect to the Internet, and other
branches are using leased lines or dial-up connections to connect to the
Internet. I want to implement VPN/IPSEC, but as far as I know this type of
connection doesn't work with NAT.
Any suggestions?

3) If I'm going to use VPN/IPSEC on the main branch using Windows Dot
Net Server or Shiva LanRover, and those connections are connected
directly to the Internet, with LAN servers behind NAT, ICS ...... is it
possible to connect in this case using IPSEC/VPN for remote offices?
And where do I type the shared secret in Windows 2000 Adv. Server?

                                Regards
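
The point raised in the thread, that NAT modifies the IP headers, can be seen in the following added example (not part of any poster's message). It is a simplified model: AH-style integrity covers the IP header with only the mutable fields zeroed, ESP-style integrity covers only the protected data, and the key, addresses and payload are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"   # constructed key, stands in for the SA's auth key
AH, ESP = 51, 50                # IP protocol numbers

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header without options; checksum left at zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icv(header, payload, proto):
    """HMAC-SHA1-96 over what each protocol protects (simplified model)."""
    if proto == ESP:
        covered = payload           # ESP: outer IP header is not covered
    else:
        h = bytearray(header)       # AH: header covered, mutable fields zeroed
        h[1] = 0                    # TOS
        h[6:8] = b"\x00\x00"        # flags + fragment offset
        h[8] = 0                    # TTL
        h[10:12] = b"\x00\x00"      # header checksum
        covered = bytes(h) + payload
    return hmac.new(KEY, covered, hashlib.sha1).digest()[:12]

def forward(header, new_src=None):
    """Every hop decrements TTL; a NAT gateway also rewrites the source address."""
    h = bytearray(header)
    h[8] -= 1
    if new_src:
        h[12:16] = socket.inet_aton(new_src)
    return bytes(h)

def icv_survives(proto, new_src=None):
    """True if the ICV recomputed by the receiver matches the sender's."""
    payload = b"constructed payload"
    sent = ipv4_header("192.168.1.10", "198.51.100.7", proto, len(payload))
    received = forward(sent, new_src)
    return hmac.compare_digest(icv(sent, payload, proto),
                               icv(received, payload, proto))

if __name__ == "__main__":
    for name, proto in (("AH", AH), ("ESP", ESP)):
        print(name, "plain router:", icv_survives(proto),
              "| NAT gateway:", icv_survives(proto, "203.0.113.5"))
```

A matching ESP ICV only shows that the address rewrite does not invalidate the integrity check; it does not by itself mean ESP will pass every NAT device.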


