I don't know what happened here, folks -- I could have sworn I'd composed
this reply to a question about *VPN*.
[I *did* kind of wonder at seeing two questions from Mr. Vaal, worded almost
identically, one about NAT and one -- I thought -- about VPN.]
I don't think I've lost my mind, but apparently it sometimes steps out for
lunch without leaving a message. Please try to ignore this....
David G
On 7 Sep 99, at 13:24, Dave Gillett wrote:
> On 7 Sep 99, at 19:43, Remco Vaal wrote:
>
> > When I use NAT on my router, and my internal LAN has an IP range 192.168,
> > what are the potential security problems? A number 192.168 isn't accessible
> > from the internet, I think.
>
> Your remote machine will effectively have *two* network interfaces:
>
> 1. Its normal external IP address with which it connects to the internet --
> and, specifically, across the net to your VPN server (which also has such an
> external address...).
>
> 2. An internal address, part of your 192.168. range; packets to/from this
> address flow through an encrypted connection between the two external
> addresses referred to above in #1.
>
> The encrypted content is internal traffic on your 192.168. subnet; if the
> encryption is inadequate, an outsider might be able to snoop or even hijack
> your traffic, and thus get onto your trusted internal network without having
> to traverse your firewall.
>
>
> The non-routability of RFC1918 addresses isn't an issue here, really,
> because the traffic between those addresses is carried over the internet as
> encrypted payload on a connection between two normal addresses.
>
>
> David G
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
David G