XPost: comp.security.firewalls   
   From: somebody.@nospam.russdoucet.com   
      
    wrote in message   
   news:1143574681.402995.161600@i39g2000cwa.googlegroups.com...   
   > I've got a situation where about 3 or 4 users will need to access an   
   > IPSec VPN. They're all coming from a LAN which is behind a Netscreen-10   
   > firewall which is using NAT. The device they're trying to connect to is   
   > a Netgear FVL328. I don't think NAT-T is available on the Netgear box,   
   > unless there's a new firmware out that I'm not aware of which supports   
   > it (which could very well be...)   
   >   
   > I thought about setting up a LAN-to-LAN vpn, but it looks like that   
   > idea might be hard to sell to the remote side. I don't know if they'd   
   > be open to replacing their VPN device with something NAT-T compatible.   
   >   
   > Is there anything on the Netscreen-10 that can make this work? I'm kind   
   > of new to this particular firewall.   
   >   
   > Thanks!   
      
   The NetScreen 10 is probably find nat'ing the ipsec packets, just make sure   
   it's the latest firmware for it which I believe is 3.03r8 or something like   
   that.  Yes, it's an old box.   
      
   The NS10 is quite capable of doing a lan to lan vpn, I've still got clients   
   using pairs of those for corporate vpn concentrators, they're tough as nails   
   and very dependable.   
      
   -Russ.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)