Lars, Do you mean UDP Encapsulation Mode to ensure generic IKE/IPSec over NAT devices or the SecuRemote specific version, commonly encapsulating all the IPSec traffic in UDP und sending over port 551? I can be wrong, but this was required when we had the IPSec client (like SecurRemote) behind a NAT device, e.g. the underlying transport path carrying the IPSec traffic was NATed. Thus, in most configurations, it won't be required, hence the VPN connection is usually not NATed - unless your connection to an external ADSL modem (the ZyXEL Prestige 652 is a workaround in this case), the ISP or corporate network does.
Not aware SecuRemote is fully supporting the proposed NAT traversal extensions for IPSec (Internet draft "UDP Encapsulation of IPSec Packets" and "Negotiation of NAT-Traversal in IKE") [think these are the draft titles, wording can vary slightly]. On the other hand I remember this is already supported by Microsoft's L2TP/IPSec clients, while there are not many NAT traversal capable VPN servers available. Not aware either the ZyWALL series is fully supporting these new IPSec extensions already, but i'll have a chat with the ZyXEL QA and developers, and let you know. -Kurt. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST@;beethoven.us.checkpoint.com] On Behalf Of Lars Troen Sent: Monday, October 21, 2002 3:33 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Broadband/DSL Routers Does it support udp encapsulation vpn to fw-1? > -----Original Message----- > From: Kurt A. Schumacher [mailto:Kurt.Schumacher@;SCHUMI.CH] > Sent: Monday, October 21, 2002 13:16 > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Broadband/DSL Routers > > > Jeffrey, > > All ZyXEL Firewall/VPN boxes http://www.zyxel.com -> Products -> > Firewall/VPN allow model dependant 1 to 100 concurrent IPsec based VPN > connections. > > Bigger models as well as the new ZyWALL 10i (available in the US) > contain silicon based VPN 3DES/AES engines, allowing impressive > performances at a very attractive price. There is a worldwide ZyWALL > 10W (dual 10/100 Mb Ethernet) with the 3DES/AES silicon and a built-in > 802.1b access point allowing 802.1X authentication and dynamic key > exchange, and support for up to 10 concurrent VPN - availability soon. > > While there are flexible Dual-port Ethernet units, there are also > specialized units with the same Firewall/VPN units available, such as > the Prestige 652 for ADSL (two concurrent VPN/IPsec sessions), > Prestige 954 DOCSIS Cable Modem for up to 100 concurrent VPN/IPsec > sessions, including third DMZ port. > > Set-up information for Firewall-1/VPN (ok, not NG yet, but I am > convinced you can handle it) and other devices can be found on > http://www.zyxel.com/support/supportnote/zywall/index_f.php > > -Kurt. > > > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:FW-1-MAILINGLIST@;beethoven.us.checkpoint.com] On Behalf Of > Russell Aspinwall > Sent: Monday, October 21, 2002 12:20 PM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Broadband/DSL Routers > > > Sorry, I have not tried but from a configuration perspective it will > allow at least 8 in coming connections, supporting 253 ips behind the > router. > > regards > > Russell > > Lars Troen wrote: > > > > Does it work if there are several users behind one such router? > > > > > -----Original Message----- > > > From: Russell Aspinwall [mailto:russell.aspinwall@;FLOMERICS.CO.UK] > > > Sent: Monday, October 21, 2002 10:04 > > > To: [EMAIL PROTECTED] > > > Subject: Re: [FW-1] Broadband/DSL Routers > > > > > > > > > Hi Jeffrey, > > > > > > I have used a SMC7004ABR Router with SecureClient, I had only to > > > enable incoming port 500 udp connections to the SecureClient > > > machine. > > > > > > Regards > > > > > > Russell > > > > > > "Larson, Jeffrey" wrote: > > > > > > > > Hello, > > > > We have multiple SOHO users and would like to implement > > > Secure Client NG > > > > FP2 to replace our current RAS infrastructure. I was hoping > > > that someone > > > > could recommend an inexpensive broadband/DSL home router > > > that would allow > > > > SecureClient VPN connections. We have a few sites where > > > more then one client > > > > must connect with the VPN at the same time. Any suggestions > > > would be very > > > > helpful. > > > > > > > > Firewall/VPN -1 NG FP2 loaded on a Nokia IP330 > SecureClient NG FP2 > > > > > as the VPN client W2k loaded on Dell Inspiron 4000/4100. > > > > > > > > Thank You, > > > > Jeffrey Larson > > > > > > > > Senior LAN Technician > > > > Michigan Millers Mutual Ins. > > > > (517) 482-6211 ext 396 > > > > CCNA Network+ > > > > <mailto:jlarson@;mimillers.com> > <snip> ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
