Re: VPN Confusion

[dgillett]

  This *would* be true, if there were no VPN present.

David Gillett


On 11 Jun 2001, at 16:59, syed qamar wrote:

First, in order to be routed, the private IP addresses of Mumbai 
clients must be translated to the Internet interface of the Mumbai 
gateway (source address translation). Then at the NewYork gateway, a 
plug-to rule will connect Mumbai client to the FTP server 
(destination address translation). No plug-to rule is needed if FTP 
server is public. I hope this helps.
Syed


>From: [EMAIL PROTECTED] 
>To: "Swamy Patil" , [EMAIL PROTECTED] 
>Subject: Re: VPN Confusion 
>Date: Mon, 11 Jun 2001 02:30:19 -0700 
> 
> To clients such as the desktop and the FTP server, the tunnel is 
>invisible -- it *looks* like there is a router that connects the 
>192.168.61.0/24 network directly to the 172.16.12.0/24 network 
>(although the latency will suggest that there is something odd about 

>that connection). 
> Each of the end machines, seeing an address that is not on its 
>local net, will send the packets to its nearby gateway; each of the 
>gateways will recognize that the destination network is one for 
which 
>it has a tunnel definition, and so will send the packets through the 

>tunnel. 
> 
>David Gillett 
> 
> 
>On 11 Jun 2001, at 10:35, Swamy Patil wrote: 
> 
> > Hi everybody, 
> > 
> > 
> > 
> > I am having a little doubt about Gateway-to-gateway VPN : 
> > 
> > ------------------------------------------------------------------
-------------- 
> > 
> > Consider the case of a two offices one in Mumbai and the one in 
Newyork: 
> > 
> > The IP addressing for the Mumbai Office is 192.168.61.0 
> > 
> > Thre IP addressing for the Newyork Office is 172.16.12.0 
> > 
> > 
> > Consider 2 gateways protecting the respective offices at Mumbai 
and Newyork are configured for gateway to gateway VPN. 
> > 
> > Consider an FTP server at the newyork with the IP address 
172.16.12.200 (FTP server not meant for public access and is only for 
Newyork and Mumbai Offices). 
> > 
> > 
> > Now with the VPN between the two Offices ,is it possible for the 
desktop machine(192.168.61.40) at the mumbai office have the FTP to 
the Newyork FTP server without NAT or redirection at the Newyork 
gateway. 
> > 
> > 
> > i.e., if the client at mumbai types" FTP 172.16.12.200" and 
presses Enter will he be able to get the access to the FTP server 
assuming he has the full access permission to the FTP Server. 
> > 
> > 
> > Conclusion: 
> > 
> > Does the FTP server at the Newyork has to be NATted to the Valid 
IP or not required. 
> > 
> > 
> > Please give some suggestions on this 
> > 
> > Thanks in advance 
> > Swamy Patil 
> > 
> > 
> 
> 
>- 
>[To unsubscribe, send mail to [EMAIL PROTECTED] with 
>"unsubscribe firewalls" in the body of the message.] 

Get Your Private, Free E-mail from MSN Hotmail at 
http://www.hotmail.com.
- [To unsubscribe, send mail to [EMAIL PROTECTED] with 
"unsubscribe firewalls" in the body of the message.] 
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]