Not sure where you got the idea that the Nortel Contivity box is behind a firewall. In my particular situation, I am trying to use a Nortel Contivity client behind a Gnatbox firewall to connect to a Contivity server at our client's location.

-----Original Message-----
From: Cox, Danny H. [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 2:19 PM
To: David Morris
Cc: GnatBox Users Group
Subject: RE: [gb-users] Nortel Contivity VPN clients behind Gnatbox

Why in god's name would you put a Nortel Contivity box behind a firewall? It supports checkpoint and for a few bucks you can get enough license to support a couple of VPN links. I honestly do not see any benefit; especially since doing so would impact performance on the VPN and all firewall based traffic as well. As for any security concerns, I recommend you always have remote logging so any intrusions are detected and dealt with. Also, limit what static addresses can use VPN and on what port(s). Then you can have mobiles go through the firewall - if you must.

Danny

-----Original Message-----
From: David Morris [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 10:21 AM
Cc: GnatBox Users Group
Subject: RE: [gb-users] Nortel Contivity VPN clients behind Gnatbox

Matt,

Another possible alternative would be to establish a shared VPN between your developers and the client. There are network addressing and/or access security issues to resolve to limit access to the anointed developers, but there wouldn't be a conflict over the number of concurrent users.

Still another possibility might be to have your developers use SSH to connect to a client site SSH server from which they could access the client systems. Only works if you have the right OS possibilities, but as I recall there is an SSH daemon available as part of the MS Windows Services For Unix (SFU) product.

Dave Morris

On Mon, 3 Nov 2003, Matt Repko wrote:

> The decision to use ESP versus UDP is out of my hands since we are connecting
> to a client's VPN. However, since I have more information about the likely
> cause, I may be able to get them to accommodate our "special" situation.
>
> -----Original Message-----
> From: Dan Swartzendruber [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 03, 2003 9:10 AM
> To: Matt Repko; [EMAIL PROTECTED]
> Subject: RE: [gb-users] Nortel Contivity VPN clients behind Gnatbox
>
> At 09:06 AM 11/3/2003 -0500, Matt Repko wrote:
> >Dan,
> >
> >I'm pretty sure ESP is being used. You might see the symptoms I am describing
> >if you were to establish two VPN connections while at home. I didn't believe
> >our developers at first but we've tested so many different configurations,
> >that I am confident the problem is related to Gnatbox's inability to properly
> >route ESP traffic. This makes sense since there are no port numbers
> >associated with the traffic.
> >
> >I think I will pursue the multiple IP addresses option on the client's side
> >first.
> >
> >Marteen,
> >
> >How would I configure the GB-1000 to make it appear that the different VPN
> >sessions are originating from different static IP addresses?
>
> As a previous poster suggested: using static address mapping. If you have more
> than a handful of PCs using the client, this could be a nightmare though. Is there
> some reason you're unwilling (or unable) to use UDP? It's a far better
> solution! (and is why VPN providers have been migrating that way...)
>
> ------------------------------------------------------
> To unsubscribe: [EMAIL PROTECTED]
> For additional commands: [EMAIL PROTECTED]
> Archive: http://archives.gnatbox.com/gb-users/
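
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not GNAT Box code: a small Python model of a many-to-one NAT showing why two clients sending ESP to the same server cannot be told apart on the return path, while UDP encapsulation or static address mapping restores a unique key. The class, the addresses (documentation ranges) and the UDP source port are constructed assumptions.

```python
ESP, UDP = 50, 17                      # IP protocol numbers

class ManyToOneNat:
    """Toy model of a NAT that hides inside hosts behind one public IP."""
    def __init__(self, public_ip, static_map=None):
        self.public_ip = public_ip
        self.static_map = static_map or {}  # inside IP -> dedicated public IP
        self.inbound_table = {}             # demux key -> set of inside hosts
        self.flows = {}                     # (inside IP, sport, server) -> public port
        self.next_port = 40000

    def outbound(self, proto, inside_ip, server_ip, sport=None):
        """Record the mapping an outbound packet creates; return its reply key."""
        pub = self.static_map.get(inside_ip, self.public_ip)
        if proto == UDP:
            flow = (inside_ip, sport, server_ip)
            if flow not in self.flows:      # allocate a unique public source port
                self.flows[flow] = self.next_port
                self.next_port += 1
            key = (UDP, pub, self.flows[flow], server_ip)
        else:
            key = (proto, pub, server_ip)   # ESP carries no ports to key on
        self.inbound_table.setdefault(key, set()).add(inside_ip)
        return key

    def inbound(self, key):
        """Inside host for a reply, or None when the reply is ambiguous."""
        hosts = self.inbound_table.get(key, set())
        return next(iter(hosts)) if len(hosts) == 1 else None

def demo(proto, static_map=None):
    """Two inside clients (constructed addresses) reach the same VPN server."""
    nat = ManyToOneNat("203.0.113.10", static_map)
    server = "198.51.100.5"
    a = nat.outbound(proto, "192.168.1.21", server, sport=10001)
    b = nat.outbound(proto, "192.168.1.22", server, sport=10001)
    return nat.inbound(a), nat.inbound(b)

if __name__ == "__main__":
    print("ESP, one public IP :", demo(ESP))
    print("UDP encapsulation  :", demo(UDP))
    print("ESP, static mapping:", demo(ESP, {"192.168.1.22": "203.0.113.11"}))
```

In the model an ambiguous reply returns None; a real device in that position has to guess one inside host or drop the packet.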
