Re: Cisco VPN Client pass-through a Netscreen?
From: Jens Hoffmann (jh_at_bofh.de)
Date: 06/22/04
- Next message: Tim Smith: "Re: iptables file format"
- Previous message: Alec: "Re: Opinions: To NAT or not to NAT?"
- In reply to: admin too: "Cisco VPN Client pass-through a Netscreen?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 22 Jun 2004 08:36:43 +0200
Hi,
admin too <nguser2u@no.spam.AOL.com> wrote:
> I have a couple clients vesting a site where they have a small Netscreen
> unit and they will need to tunnel through to our home site using the Cisco
> VPN Client software on their laptop. What should I tell the local admin to
> do? Open which ports and how to config VPN pass-through?
http://5xp.support.netscreen.safeharbor.com/knowbase/root/public/ns1177.htm?
I made the assumption, that the netscreen is in NAT mode ;)
Could be in route mode, than you have to work accordingly.
The netscreen knowledgebase is useful.
Why don't you use a site-to-site VPN with the netscreen acting
as a client against you VPN-concentrator?
Then the local admin has a chance to enforce some policy regarding
the connection to your site and does not need to trust the foreign client.
Greetings,
Jens
- Next message: Tim Smith: "Re: iptables file format"
- Previous message: Alec: "Re: Opinions: To NAT or not to NAT?"
- In reply to: admin too: "Cisco VPN Client pass-through a Netscreen?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
