Re: Please can someone help me....?

From: Mike (nospam_at_notherematey.com)
Date: 08/14/03


Date: Thu, 14 Aug 2003 18:30:10 +0100


"Digital_GHost" <digital_ghost@Informationsuperhighway.com> wrote in message
news:Xns93D4C9BAF1C10digitalghost@80.1.224.4...
> Hi,
> Any help or assistance anyone can offer me will be greatly received.
>
> I am trying to set up a VPN between two sites. The following is how I
> have set up the current infrastructure...
>
> 192.168.7.0/24 Internal address which routes through
> 192.168.7.254 green address of a smoothwall firewall.
>
> The red side of the firewall is 10.0.0.254 which connects to an ADSL
> modem (DLink DSL-500). The modem has an internal 10.0.0.1 address and
> obviously an internet ip on the other side..
>
> The problem I have is that I cannot connect the smoothwall VPN to the
> other site which is running the same set up (just different internal
> ip's and the external ip 192.168.8.0/24)
>
> I have spent ages on this problem and cannot figure out what is wrong.
> Everybody at both internal sites can view and ping external addresses no
> problems. The issue comes when someone at site a (192.168.7.0) tries to
> ping an address at site b it fails or vice versa. Not at the ADSL Modem
> but after four hops outside the domain giving me the standard
> "destination network unreachable".
>
> What is the best way to configure this kind of set up? Would another
> External IP for the firewall help? If so what is the internal IP of the
> ADSL Modem? I am having to use port forwarding for two ports (1352 and
> 25) on the modem and firewall....
>
> More info on the ADSL Modem can be found here...
>
> http://www.dlink.co.uk/264_309.htm

I think your problem here is that the DSL Router is doing NAT. IPSEC relies
on the packets not being altered (Part of the security) and altering packets
is exactly what NAT does. If you have the same setup at each end then double
traversing NAT is definitely going to be problematic at best.

I prefer the DSL504 router and operate it in NON-NAT mode (Well documented
on Dlink's ftp site). Everything works fine. I've used these with
Smoothwall, IPCOP and Watchguard SOHOs and Fireboxes.


