Hi everyone,
I have a Linux Box with RH 6.1 running as my gateway to Internet. This machine
has Two NIC cards and One has a Public IP address and another has a Private IP
address( 10.5.2.x ). This box is enabled for IP MASQ and IP Forwarding.
all my clients have private IP address 10.5.2.x , these cleitns have the gateway
as Private IP adresss of Linux BOX . These cleints are able to access the
internet and everythjing is working fine.
Now , my USA conterpart has a Nortel switch and has setup a VPN Server there.
Here I have the client software installed on a machine wiht Private IP address,
Now if i try to connect to the VPN server in USA it gives me an error stating
"Remote host not responding"
BUT , i can ping to the IP address of the VPN Server from my Private Client.
WHAT IS THE REASON...? What's the SOLUTION.
Now i tried putting a machine wiht Public IP Address and installed the VPN
Client software on it and tried to connect and i got connected and i was able to
access the LAN of my USA Office.
SOS: PLEASE SEND ME A SOULTION FOR THIS ASAP .. BCOS I NEED TO IMPLEMENT IT
FAST...
Note: I had gone thro the HOWTO of VPN , but nothing seems to help me.. I'm NEW
TO VPN.. PLEASE Help me out in configuring it and pls tell the ANSWERS in
DETAILS...!!!
Thanks in advance, and looking forward to a response from you...!!!
Rajesh
mouss wrote:
> Damian,
>
> Please do note that the opinion I was defending is not passive at all.
> (yes, [EMAIL PROTECTED] qualified this as passive, but his address suggests
> that he works for ESC, a company that sells the product he mentioned;
> and anyway, I wouldn't be proud of a message like his. See Ben's reply).
>
> I argued that it's no good to waste resources/CPU/time/..., it's dangerous
> to allow an attacker to get somewhere even volontarily, ...
> If you feel this is passive, then why not open wide your network,
> and try to catch anyone getting in. Is this active defense?
> so you agree there is a trade-off somewhere? Where to put it is the subject
> of this discussion. no method is passive or active.
>
> My opinion (and it is certainly shared by many many people) is:
>
> - read documentation, get software, ...
> - use rigourous analysis to derive a satisfactory security policy
> - implement this security policy
> - check logs, read documentation, upgrade your soft, ....
>
> That's the "rational one-shot" method
>
> as opposed to:
>
> - set up a covert server
> - wait for intruders to come and catch them
> - then us that to improve your security policy
>
> which is the "trial & error" method.
>
> [I am not trying to use fancy name "rational..." for my choice and a less
> fancy one
> for the other to manipulate your judgement. Although this is a classical
> approach in
> communication, it will hardly work within this community. I am simply trying
> to
> express my feeling about each one]
>
> A fundamental difference is that the first approach focuses on securing
> one's net;
> while the second focuses on catching crackers. One does not set up security
> measures
> because he hates crackers, but because he wants to stay secure.
>
> Assume that the covert approach allows you to catch more and more crackers.
> Then what?
> There are new ones everyday. Amazingly, children do grow and people
> change...
>
> The world war example does not count here. The ennemy was fully identified,
> and not
> because anyone sat up a covert country to make him think he is gaining some
> space.
> He was not hiding himself as do net crackers... so is the US army going to
> build
> aake new-york city and when "suspected" people come in the US, they are
> "diverted"
> there... ? This is not active security, this is X-Files.
>
> For me, I'd go with the famous chess principle: do not rely on your
> opponent's errors.
> sure this does not make a great grand master, but acting the opposite way
> won't either...
>
> > From: Damian Gerow [mailto:[EMAIL PROTECTED]]
> >
> > I've really got to interrupt on this argument.
> [text suppressed for brevity]
> > World War. There's a flip side to everything.
> >
> > Just my two cents.
> >
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
--
----------------------
Dream, Explore, Discover
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
