Re: Contivity vpn connections

From: Greg Dore (wondrous_at_nortelnetworks.com)
Date: 04/20/04


Date: Tue, 20 Apr 2004 15:11:37 -0500

In the previous message, Helio Perez wrote:
> Folks,
>
> As I understand, the Contivity 1010 supports up to 30 multiple
> simultaneous vpn..

5 by default, with an add-on option to get up to 30 tunnels.

> So does this mean I would be able to get access to a Contivity
> 1700 and 2700 at the same time.

The Contivity units support multiple tunnels, but your question
seems to be from the point of a client node (Unix, Mac, PC).

If you want to be able to have multiple tunnels from the same
client to different contivity units, you have to find out if
any of the following apply:

a) Can you run multiple instances of the client's vpn
        software at the same time (one for each tunnel)?
b) Can the client's vpn software support multiple
        concurrent tunnels?
c) If not using vpn software, does the client have or
        need separate network interfaces for connectivity
        to each contivity unit?

> And one could be running a 10.x.x.x ip scheme and the other
> a 192.x.x.x, and split tunneling could be turned on on both 1700
> and 2700, I should still be able to access my 47.x.x.x
> local ip addresses, correct?

Aha, so you are talking about having multiple VPN tunnels from
the same local (client) machine while still maintaining "normal"
access to the 47.x network.

> If split tunneling is turned off, then I would have to
> use the extra NIC card on my PC to still have access to my 47.
> network, correct?

After taking points a & b above into account, you may face another
problem if split tunneling is turned off by either contivity unit.
Whichever unit says no to split tunneling demands all IP traffic
from your client. Unless that unit then knows how to route traffic
to the other unit and to CORWAN, you've just lost access to those
subnets. There may be a way to work around this by setting up some
static routes on the client, but that is *way* beyond my ability
to even make an uninformed guess.

> What if both 1700 and 2700 are running the same ip addressing
> scheme? Then I would have problems accessing equipment on the
> other side of these Contivity boxes, correct?

If you can figure out some magic that will allow the client to
figure out *which* of the multiple machines with the same
IP addresses each packet is destined for, can I have an
autographed picture of you?

-- 
Greg Dore
____
Dis claim, er, ... opinion, yeah, opinion, is mine.
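
The three cases discussed in this message (split tunneling on for both units, split tunneling off on one unit, and both units using the same address scheme) can be worked through with a small route-selection model. This is an added example, not part of the original post and not Contivity client behaviour: the interface names `c1700`, `c2700` and `lan`, the `192.168.0.0/16` prefix, and the rule that a no-split unit does not route onward are all assumptions.

```python
import ipaddress

# The client's own network from the thread; "lan" is a hypothetical interface name.
LOCAL = ("lan", ipaddress.ip_network("47.0.0.0/8"))

def egress(dst, tunnels):
    """Return (interface, status) for one destination address.

    tunnels: list of (name, subnet, split_tunneling_enabled) tuples.
    Simplified model: a tunnel with split tunneling off takes every packet,
    and its gateway is assumed not to route onward to any other network.
    """
    addr = ipaddress.ip_address(dst)

    # A unit that refuses split tunneling demands all IP traffic from the client.
    forced = [t for t in tunnels if not t[2]]
    if forced:
        name, subnet, _ = forced[0]
        reachable = addr in ipaddress.ip_network(subnet)
        return name, ("ok" if reachable else "unreachable")

    # Split tunneling on everywhere: longest-prefix match over all routes.
    routes = [LOCAL] + [(n, ipaddress.ip_network(s)) for n, s, _ in tunnels]
    hits = [(net.prefixlen, name) for name, net in routes if addr in net]
    if not hits:
        return "lan", "ok"  # falls through to the default route on the LAN

    best = max(prefix for prefix, _ in hits)
    winners = sorted(name for prefix, name in hits if prefix == best)
    if len(winners) > 1:
        # Two tunnels advertise the same prefix: the client cannot tell which
        # remote site a packet is meant for.
        return "/".join(winners), "ambiguous"
    return winners[0], "ok"

# Constructed scenarios mirroring the questions in the thread.
BOTH_SPLIT = [("c1700", "10.0.0.0/8", True), ("c2700", "192.168.0.0/16", True)]
ONE_NO_SPLIT = [("c1700", "10.0.0.0/8", True), ("c2700", "192.168.0.0/16", False)]
SAME_SCHEME = [("c1700", "10.0.0.0/8", True), ("c2700", "10.0.0.0/8", True)]

if __name__ == "__main__":
    for label, tunnels in (("both split", BOTH_SPLIT),
                           ("one no-split", ONE_NO_SPLIT),
                           ("same scheme", SAME_SCHEME)):
        for dst in ("10.1.2.3", "192.168.5.5", "47.1.1.1"):
            print(label, dst, egress(dst, tunnels))
```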

