
List:       novell
Subject:    Re: Using VPN client with NAT
From:       Randy Grein <randygrein () comcast ! net>
Date:       2004-10-27 5:46:03
Message-ID: 7D6FB314-27DB-11D9-94C6-000A95D96856 () comcast ! net

Sorry for the delay...

Proxy wouldn't work either. Both would rewrite too much of the packet, 
trashing the validation tags. What you need is a VPN tunnel, which (I 
believe) is why Novell is eventually migrating to Linux firewall 
solutions. BM is good, but market evolution has left it standing by 
itself in this area.


Randy Grein, Master CNE, CCNA
On Oct 25, 2004, at 8:43 AM, Scott Etienne wrote:

> Randy,
>
> Below, you state that proxies do not use NAT. Does that mean that there
> might be a way to get a previously not working VPN client to work by
> setting up some kind of BM proxy? Can you do a VPN proxy on BM?
>
> I have a Cisco VPN client at home and have to put the workstation on
> the Internet to get the connection to work. I would like to change
> that.
>
> I am currently on BM 3.6, but plan on upgrading it sooner or later.
>
> Scott Etienne
> Network Engineer
> Enesco Corp
> setienne@enesco.com
> 630-875-5611
>
>>>> randygrein@comcast.net 10/24/2004 10:55:13 AM >>>
> It will depend completely on the VPN type. For example, PPTP does not
> traverse a NetWare NAT and there's no solution. NAT is not handled in a
> standard way (there are no standards set for it) and most all NAT
> solutions create problems with some VPN - except with that vendor's own
> custom VPN solution, of course.
>
> When a VPN solution will work from inside a NAT boundary there should
> be few problems with filtering if you're set up to handle generic
> traffic without proxies (which, BTW does NOT use NAT). The session is
> initiated by the client and should come back as a return packet on the
> complementary port pair. Emphasis on should. You may need to sniff a
> working solution to make a determination of the full traffic needs, or
> involve the VPN vendor.
>
> Randy Grein, Master CNE, CCNA
> On Oct 23, 2004, at 11:13 AM, Alar Pandis wrote:
>
>> Hi!
>> NW5.1SP5, BorderManager 3.6SP1 (NAT, dynamic). Can computers behind the BM
>> firewall connect to a VPN server (servers may vary) outside the firewall? In
>> the KB I read that this depends, as not all VPN servers support Novell NAT.
>> When it is possible, which standard ports must be opened for connecting to
>> the VPN server?
>> More thanks, Alar.
>>
>> _______________________________________________
>> Novell mailing list
>> Novell@netlab1.usu.edu
>> http://netlab1.usu.edu/mailman/listinfo/novell
>>
>