
   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   


   Message 417 of 2,348   
   shope to Venger   
   Re: VPN - supporting multiple private NA   
   01 Nov 03 14:10:21   
   
   XPost: comp.security.firewalls   
   From: stephen_hope@xx.ntlworld.com   
      
   "Venger"  wrote in message   
   news:KridnTGk85FIdDyiRVn-gQ@august.net...   
   >   
   > Gentlemen -   
   >   
   > Have a client with a pair of offices linked with Sonicwall VPN between   
   > them - 192.168.1.X and 2.X. Works famously, better than I ever expected it   
   > to.   
   >   
   > We wish to connect a laptop to one of the office firewalls across the   
   > internet via VPN. This brought about a conflagration of conflicting thoughts
   > about what can, and cannot, be done.
   >   
   > If said laptop is behind a NAT router with a 192.168.1.X address, it cannot
   > create a VPN to the first Sonicwall - the destination route and local route
   > are the same. If we were to connect to the second firewall, it would appear
   > that since that firewall is already attached via a site to site VPN, it
   > would have a conflict between two VPN connections, with overlapping address
   > space.
      
   You can't - or if you do have address translation within the VPN, you will
   find some protocols and applications will break
      
   >   
   > Which then begs the question... how can you support dozens of clients who   
   > could quite possibly each have the same private NAT address, say   
   > 192.168.1.100, much less similar address space?   
      
   you can have multiple remote clients using the same 192.168.1 or 192.168.0   
   subnets at the same time, so long as there is no visibility of those remote   
   subnets to the central sites or each other   
      
   this works with the Cisco VPN client and probably lots of others.   
      
   this implies you use a soft VPN client (and that the client doesn't propagate
   the local subnet number) at each remote user rather than build a site to
   site VPN for each user.
      
   >   
   > NAT Traversal?   
      
   You still need NAT traversal - this is about NAT in the Internet link   
   between client and remote VPN server, not inside the tunnel.   
   >   
   > Any information is definitely appreciated. Our Sonicwalls talk to each other
   > fine, but are barfing on connecting the laptop. I assume that NAT traversal
   > is an issue here, the firmware is 5.1.7.0 and they do not currently support
   > NAT traversal on that firmware release...
      
   Try it with the client connected direct to the Internet (good idea to
   install a software firewall, update virus checker etc 1st) - if it works then
   NAT traversal is likely the issue.
   >   
   > Thanks,   
   >   
   > Venger   
   --   
   Regards   
      
   Stephen Hope - remove xx from email to reply   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
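
Added example, not part of the original post: a check for the two address-overlap cases discussed in this thread (client LAN versus tunneled network, and client LAN versus networks the gateway already reaches over another tunnel). The function name, the `propagates_lan` flag and the /24 masks are assumptions made for illustration.

```python
from ipaddress import ip_network

def vpn_conflicts(client_lan, tunneled, gateway_remote_nets, propagates_lan):
    """Return (where, net_a, net_b) tuples for address overlaps of one remote client.

    client_lan          -- subnet the laptop sits on behind its NAT router
    tunneled            -- networks the client sends into the tunnel
    gateway_remote_nets -- remote networks the gateway already reaches via other tunnels
    propagates_lan      -- True if the client's LAN is exposed to the gateway
                           (site-to-site style), False for a soft client
    """
    lan = ip_network(client_lan)
    found = []
    # On the client: a tunneled network that overlaps the local LAN collides
    # with the directly connected route.
    for net in map(ip_network, tunneled):
        if lan.overlaps(net):
            found.append(("client", str(lan), str(net)))
    # On the gateway: only matters when the client's LAN is visible to it.
    if propagates_lan:
        for net in map(ip_network, gateway_remote_nets):
            if lan.overlaps(net):
                found.append(("gateway", str(lan), str(net)))
    return found

# Constructed scenario based on the thread; the /24 masks are an assumption.
SITE_A, SITE_B = "192.168.1.0/24", "192.168.2.0/24"
LAPTOP_LAN = "192.168.1.0/24"

def scenarios():
    return {
        # Laptop dials the first firewall: destination equals its own LAN.
        "to_site_a": vpn_conflicts(LAPTOP_LAN, [SITE_A], [SITE_B], False),
        # Laptop joins the second firewall as if it were a site:
        # its LAN clashes with the existing tunnel to site A.
        "to_site_b_as_site": vpn_conflicts(LAPTOP_LAN, [SITE_B], [SITE_A], True),
        # Soft client to the second firewall, LAN not propagated: clean.
        "to_site_b_soft": vpn_conflicts(LAPTOP_LAN, [SITE_B], [SITE_A], False),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result or "no conflict")
```
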
