Hi all, I am not sure really how to describe what I am after, but I'll try to sketch it.
In a situation in which a network needs to have broad compatibility with multi-vendor VPN solutions (from client sites to home office, and vice versa), it appears that fully routable, legal IP addresses will be required. One client in particular declares that NAT will not work with its "aggressive mode" system, and cannot be made to. The systems on the local subnet need to be able to communicate as a full workgroup, sharing files and printers. The VPN connections need to be initiated from both external locations coming in, and from internal hosts going out. As I understand it, systems in a DMZ in Eiger/Dachstein cannot be made to communicate with each other without routing tweaks --- so I'm assuming this won't do the trick.

Here are my questions:

1. Is it still true that some systems absolutely cannot be made to work with NAT?
2. Anyone care to comment on the security and administration issues with managing a network of routable addresses from behind a LEAF box?
3. Are there any architectural "tricks" that can be used to create VPN gateways that allow full access into a private network from only one trusted host outside --- and is this a good idea?
4. Are there example configs around where a LEAF distro has been set up to do such things?

Thanks,
Dan