
   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   


   Message 709 of 2,348   
   Draschl Clemens to kalles   
   Re: software vpn client behind firewall   
   15 Jan 04 10:26:08   
   
   From: c.draschl@conova.com   
      
   kalles wrote:   
   > Hello,   
      
   Hi,   
      
   > I'm trying to use SSH sentinel software VPN client from LAN and to   
   > connect to server in WAN.   
      
   not good, as far as NAT is used.   
      
   >   
   > Problem is that we have Sonicwall as our firewall which has VPN
   > enabled.   
      
   ACK   
      
   > When I try to set up the tunnel from the LAN workstation it sends the   
   > IKE initiator packet to the remote peer. When the remote peer replies,
   > our Sonicwall "hijacks" the IKE packet and tries to set up the tunnel
   > from itself to the remote peer which obviously doesn't work.   
      
   Is there anything against setting up the tunnel on the sonicwall and   
   restricting the reachability to the WAN-server, only allowed with your LAN-IP?   
      
   > I tried to use Firewall rules and NAT policies to route all traffic   
   > from this particular host to the workstation hosting the SSH sentinel   
   > client but it won't work. In any case the Sonicwall "hijacks" the IKE
   > packet and tries to set up the connection itself.   
      
   Seems to be a "feature" of the SonicWall. ;-)   
      
   > Is there any way around this? Has anybody had similar difficulties?
      
   I'm trying to avoid VPN-connections through a firewall or NAT-device. Cisco   
   has got a feature called "IPsec NAT transparency", introduced in IOS   
   12.2(13)T but you may also try to use NAT-traversal, if supported by   
   SonicWall (I don't know if it is).   
      
   >   
   > Thanks!   
      
   /cd   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
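
Added example, not part of the original post: one way to check from a captured, unencrypted IKEv1 message whether a peer advertises NAT-traversal, by walking the ISAKMP payload chain for the RFC 3947 Vendor ID. The function names and the sample packet are constructed for illustration; peers that only announce pre-standard draft vendor IDs are not detected.

```python
import hashlib
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")      # RFC 2408 header, 28 bytes
PAYLOAD_HDR = struct.Struct("!BxH")            # next payload, reserved, length
VENDOR_ID = 13                                 # RFC 2408 Vendor ID payload type
NATT_VID = hashlib.md5(b"RFC 3947").digest()   # vendor ID defined in RFC 3947

def vendor_ids(packet, udp_port=500):
    """Return the body of every Vendor ID payload in an unencrypted IKEv1 message."""
    if udp_port == 4500:                       # RFC 3948: IKE carries a zero non-ESP marker
        if packet[:4] != b"\x00" * 4:
            raise ValueError("not IKE: missing non-ESP marker")
        packet = packet[4:]
    if len(packet) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    _, _, nxt, version, _, flags, _, total = ISAKMP_HDR.unpack_from(packet)
    if version >> 4 != 1:
        raise ValueError("not IKEv1")
    if flags & 0x01:
        raise ValueError("payloads are encrypted")
    if total > len(packet):
        raise ValueError("length field exceeds datagram")
    found, off = [], ISAKMP_HDR.size
    while nxt != 0:                            # 0 marks the end of the chain
        if off + PAYLOAD_HDR.size > total:
            raise ValueError("payload chain runs past message end")
        following, plen = PAYLOAD_HDR.unpack_from(packet, off)
        if plen < PAYLOAD_HDR.size or off + plen > total:
            raise ValueError("bad payload length")
        if nxt == VENDOR_ID:
            found.append(packet[off + PAYLOAD_HDR.size:off + plen])
        nxt, off = following, off + plen
    return found

def offers_nat_t(packet, udp_port=500):
    return NATT_VID in vendor_ids(packet, udp_port)

def build_sample(vids):
    """Constructed input: first Main Mode message with a dummy SA body plus vendor IDs."""
    chain = [(1, b"\x00" * 8)] + [(VENDOR_ID, v) for v in vids]
    body = b""
    for i, (_, data) in enumerate(chain):
        nxt = chain[i + 1][0] if i + 1 < len(chain) else 0
        body += PAYLOAD_HDR.pack(nxt, len(data) + PAYLOAD_HDR.size) + data
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, 2, 0, 0,
                           ISAKMP_HDR.size + len(body)) + body
```
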



(c) 1994,  bbs@darkrealms.ca