Linux v Dedicated NAT routers - secure remote differences
From: Alan Chandler
Date: 09/27/02
- Next message: Brian Smither: "ZoneAlarm Free 3.1.395 and FRAMEWRK.DLL"
- Previous message: Vincent WILLEMS: "Re: FW1 NG SSL hotfix install problems"
- Next in thread: Leonid Rosenboim: "Re: Linux v Dedicated NAT routers - secure remote differences"
- Reply: Leonid Rosenboim: "Re: Linux v Dedicated NAT routers - secure remote differences"
- Reply: Angel: "Re: Linux v Dedicated NAT routers - secure remote differences"
- Reply: Robert Davis: "Re: Linux v Dedicated NAT routers - secure remote differences"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Sep 2002 21:06:13 GMT
My colleagues, using NAT routers (such as Netgear RP114) can get a secure
remote tunnel from a Windoze machine behind it to talk through a Checkpoint
FW-1 firewall. I can't with a linux NAT box. WHY?
More details ...
My company allows remote laptop computers connected via the internet
to access its internal systems using secure remote installed on the
laptop. We all have little Secure ID cards that calculate a time
windowed password for these as an added security. The setup defines
UDP encapsulation with IKE. The company uses the Checkpoint
Firewall-1.
I can connect my Win98 laptop via a dial up connection to the
internet, and this setup works.
At home I have a small internal network controlled by a linux box
acting as a firewall, NAT device and gateway onto a cable modem, based
on IPTABLES. Sitting behind this box, attempts to connect my win98
laptop using secure remote fail.
A number of other people have purchased dedicated
Router/Hubs (Netgear RP114 is one such device) for their cable
providers and are then connecting their laptops to these. All of
these people report that their version of secure remote works just
fine.
Win98 --- Linux --- Internet --- FW-1 --- Internal company
Above configuration fails
Win98 --- Netgear RP114 --- Internet --- FW-1 --- Internal company
Above configuration works
I spent some time running ethereal on my linux box and a contact inside the
internal IT department on the phone looking at the other end trying to see
why it didn't work. I communicate with the firewall and negotiate the key
exchange correctly. My PC then tries to use the encrypted channel to talk
to internal services (I was trying NNTP connection to a news service) and
I see the packet go out, but no reply comes back. My IT department
colleague reports that the IP address allocated by DHCP by my linux
router (10.0.10.30) is seen as the return address of the decrypted
packets inside the company - so when I access a service the reply does
not know how to get routed back to me.
The problem is that, now that other solutions are seen to work, no one is
prepared to spend more time helping me get my linux solution working. I am
pretty sure that these devices are also acting as NAT devices
(one colleague has told me he had been allocated 10.0.0.152 as his IP
address).
I have tried reading the Linux VPN HowTo, but these seem to assume
that the tunnel starts at the linux box rather than on a NAT'ted
machine behind.
Could someone explain in simple terms how the setup I am describing
should work and what could be the differences between what I could be
doing with standard linux (2.4.18) and whatever might be in these
routers (I assume these are quite likely to be linux variants)?
Thanks
-- Alan Chandler
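A small model of the failure the post describes, added here as an illustration (it is not from the post or from any product): the Linux NAT box rewrites only the outer header of the UDP-encapsulated packet, so once FW-1 decrypts it the inner source is still the home-LAN address 10.0.10.30, which the company side has no route back to. All addresses other than 10.0.10.30, and the company network range, are constructed.

```python
"""Model of the failure described in the post: a NAT box rewrites only the
outer header of a UDP-encapsulated IPsec packet, so after FW-1 decrypts it
the inner source is still the home-LAN address 10.0.10.30.
All addresses other than 10.0.10.30 are constructed for illustration."""
from dataclasses import dataclass, replace
import ipaddress

HOME_LAN_IP = "10.0.10.30"      # laptop address from the post
NAT_PUBLIC_IP = "198.51.100.7"  # constructed: cable-side address of the Linux box
FW1_IP = "203.0.113.1"          # constructed: company FW-1 address
NEWS_SERVER = "172.16.5.20"     # constructed: internal NNTP server
COMPANY_NETS = [ipaddress.ip_network("172.16.0.0/12")]  # constructed

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    payload: object = None  # the inner Packet when UDP-encapsulated

def nat_outbound(pkt, public_ip, conntrack):
    """Rewrite the outer source, as iptables MASQUERADE/SNAT does.
    The encrypted inner packet is opaque to the NAT box and is untouched."""
    conntrack[(pkt.proto, public_ip, pkt.dst)] = pkt.src
    return replace(pkt, src=public_ip)

def fw1_decapsulate(pkt):
    """FW-1 strips the UDP wrapper, decrypts, and forwards the inner packet."""
    return pkt.payload

def reply_route(inner, company_nets):
    """'routed' if the company side has a route back to inner.src,
    'no-route' for a foreign private (RFC 1918) source, else 'internet'."""
    src = ipaddress.ip_address(inner.src)
    if any(src in net for net in company_nets):
        return "routed"
    return "no-route" if src.is_private else "internet"

def simulate():
    """Send one NNTP SYN through the tunnel and report what each hop sees."""
    inner = Packet(HOME_LAN_IP, NEWS_SERVER, "tcp/119")
    outer = Packet(HOME_LAN_IP, FW1_IP, "udp", payload=inner)
    conntrack = {}
    on_wire = nat_outbound(outer, NAT_PUBLIC_IP, conntrack)
    decrypted = fw1_decapsulate(on_wire)
    return {"outer_src": on_wire.src,          # what the Internet sees
            "inner_src": decrypted.src,        # what the company sees
            "reply": reply_route(decrypted, COMPANY_NETS)}
```

The same model says why a capture on the Linux box shows the outbound packet but never a reply: the reply is addressed, inside the tunnel, to 10.0.10.30, and is dropped or misrouted before it reaches FW-1.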