The firewall on their end may be an issue as some small SOHO firewall/routers are only capable of allowing one or two IPSEC tunnels outbound through it. If this is a real firewall, it shouldn't be an issue but UDP Encapsulation and IKE over TCP should defintely be used and SecureClient and Office Mode would prevent problems with their local subnet being the same as yours.
Ray
From: "Brian A. Bohanna" <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [FW-1] VPN Question Date: Wed, 10 Dec 2003 17:34:11 -0500
Hmmm, SO then I can have as many IPSec tunnells connecting to my gateway from the outside originating from the same source IP?
___________________________ Brian Bohanna Sr. Consultant
[EMAIL PROTECTED]
Phone: (302) 656-6050 ext. 263 Fax: (302) 656-6058 Cell: (609) 501-2902
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Crist Clark Sent: Wednesday, December 10, 2003 4:54 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] VPN Question
"Brian A. Bohanna" wrote: > > Real quick one. > > I am assuming the answer is no (based on networking 101) but is there > an option to allow several Secure Remote clients to creat tunnells to > a single gateway originating from a single IP. I have a client who > wishes to have 4 people behind their firewall (unknown vendor) aceess > my VPN gateway.
Well, networking 101 says that this is possible if we are talking IPsec tunnels. For each tunnel the <src IP, dst IP, proto, SPI> quadruplet must be unique. Given that the SPI is a 32-bit integer, you can have a lot more than 4 hosts behind it.
This is just the kind of situation that UDP/TCP encapsulation schemes of IPsec is for, so I would _assume_ VPN-1 can deal, but I do not know for sure. -- Crist J. Clark [EMAIL PROTECTED] Globalstar Communications (408) 933-4387
The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact [EMAIL PROTECTED]
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
_________________________________________________________________ Get holiday tips for festive fun. http://special.msn.com/network/happyholidays.armx
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
