Hi All,
I am trying to configure VPNs when the DSL router at the Firewall end does NAT, which can't be disabled.
The closest I have got is with SecuRemote authenticating, but no encrypted traffic passing.
Any and all documentation I have found on either the SecureKnowledge site or phoneboy.com refers to NAT being at the client end, but nothing about NAT at the Firewall end.
I believe this is more than just opening UDP/500 and Protocol 50 through the DSL router, but am not sure what. I'm trying to avoid UDP encapsulation as I also need to set up a Firewall to Firewall VPN which will involve a DSL NAT'ing device.
We do have the Gateway IP as that of the DSL, so it can at least find its way there, and the encryption domain is of the internal LAN, but I'm thinking the problem may be that the address the firewall gives out is not the same as the client sees and the client is noticing this and rejecting.
Any pointers to docs or gotchas would be greatly appreciated, as nearly everyone I've talked to says this can't be done, or those who say it can be can't tell me how.
Cheers,
Steve Rielly
Security Engineer
Extranet Technologies Limited
Level 3, 60 Cook St, Auckland, New Zealand
P.O. Box 7726, Wellesley Street, Auckland, New Zealand
Ph: +649 377 1122, Mob: 025 835530 Fax: +649 377 1109