I'm not entirely sure how squid works but I'm currently working on getting
two sites to connect through VPN using VPN Appliances and both LANs are
behind firewalls (Checkpoint and Raptor) that are doing NAT.

One thing I came across today from F-secure.com by searching "existing
firewall" is that one of the things you can do is set up both VPN devices to
sit on the DMZ of both firewalls. You can create a 4th interface in addition
to trusted, untrusted, and DMZ and call it the VPN Interface. Anyway, you
have to add additional routing entries on your firewall and add
anti-spoofing on the said interface.

Here's a helpful link:

http://www.europe.f-secure.com/support/vpn%2B/cases/10n.html

If anyone knows of a better way, let us know. If only I can convince my boss
to use the built-in VPN Services on these firewalls, life would be better!

Hope this helps.

Kenneth




"Dave Santeramo" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> I have been infected with the buzzword virus.  My boss wants me to implement
> every three-letter acronym that I can find.  Here is what he wants:
>
> I have a T1 with UUnet and a T1 with BBN.  He wants those setup with
> BGP but the routes weighted (huh) so that UUnet is the primary.  After
> that he wants a VPN installed using IOS on the routers that not only
> checks for username/password via Radius but also checks for certificates.
> AHHH - A cert server is needed.  Next step - He wants a proxy server
> running squid on BSD (don't think so) so that the whole LAN can be NAT.
>
> So the question is:
>
> How the hell am I going to VPN with a NAT server between the LAN and
> the VPN enabled routers?  Also, how am I going to weigh the routes so
> that one connection is chosen over the other?
>
> Feedback from the peanut gallery would be appreciated.


_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
