VPN labs is an open community for researching, testing, reviewing, and discussing Virtual Private Networks. Get trusted, unbiased advice on just about everything related to VPN. For more detail check: How to use this site. VPN Labs - VIRTUAL PRIVATE NETWORKS - Free VPN Software and Virtual Private Network News.
 
VPN Forum General
Topic: MULTIPLE VPN CONNECTIONS VIA NAT
robdev
Member since:
2002-05-05 20:23:59
  posted: 2002-05-05 22:23:13
Multiple VPN connections via NAT
----------
Hi All,

Is it possible to generate more than one successful VPN connection via an "ADSL" Alcatel Speed Touch Pro 4 port modem that uses Network Address Translation?

I have two W98SE computers that connect to another site via Microsoft VPN and were OK via dial-up modems until I installed ADSL.

Would there be a software fix to get around this problem?

Many thanx.

kattfish
Member since:
2002-04-23 23:23:32
  posted: 2002-05-10 22:46:43
A common issue.
----------
If I'm correct, Windblows uses Transport mode as opposed to tunnel mode. The underlying problem here is that the NAT device will rip out the IP header and thus kill the authentication check on the other side of your tunnel. NetScreen addressed this issue by enabling NAT traversal. Basically, they encapsulate your original IP packet with a copy of the original IP header and a UDP port 500 header behind it. (Same as IKE). This way, the original packet is able to properly authenticate as it wasn't altered during transit. NetScreen also addresses this by pushing a 'ping' from ike-gate to ike-gate, thus keeping the NAT state tables alive and allowing bi-directional communication. Very kewl indeed. The other thing you could try is to get something like Astaro Linux and allow that to do NAT and get a public /30 for in between your original NAT device and the Astaro Linux.

2cents
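The effect described in the reply above, as an added example that is not part of the thread: a simplified model in which an HMAC over the IP addresses and payload stands in for the tunnel's authentication check, showing that a NAT rewrite breaks it while the same packet carried behind an outer IP and UDP port 500 header still verifies. The key, addresses and helper names are constructed for illustration, and the layout is not a wire-accurate IPsec implementation.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-shared-secret"  # constructed sample key (assumption)

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left 0 because it is mutable in transit."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icv(header, payload):
    """Integrity tag over source/destination address plus payload (simplified model)."""
    return hmac.new(KEY, header[12:20] + payload, hashlib.sha256).digest()

def build_authenticated(src, dst, payload):
    """Packet whose trailing 32-byte tag covers its own IP addresses."""
    header = ipv4_header(src, dst, 51, len(payload) + 32)
    return header + payload + icv(header, payload)

def nat_rewrite(packet, public_src):
    """What the NAT device does: replace the source address of the outermost header."""
    return packet[:12] + socket.inet_aton(public_src) + packet[16:]

def verify_direct(packet):
    """Receiver-side check of a packet authenticated over its own header."""
    header, payload, tag = packet[:20], packet[20:-32], packet[-32:]
    return hmac.compare_digest(icv(header, payload), tag)

def udp_encapsulate(inner, src, dst, port=500):
    """Carry the untouched inner packet behind an outer IP header and a UDP header."""
    udp = struct.pack("!HHHH", port, port, 8 + len(inner), 0)
    return ipv4_header(src, dst, 17, len(udp) + len(inner)) + udp + inner

def verify_encapsulated(packet):
    """Strip the outer IP (20 bytes) and UDP (8 bytes) headers, then check the inner packet."""
    return verify_direct(packet[28:])

if __name__ == "__main__":
    # Constructed addresses: private client, documentation-range peer and NAT address.
    pkt = build_authenticated("192.168.1.10", "203.0.113.5", b"tunnel data")
    print("no NAT:             ", verify_direct(pkt))
    print("NAT, no traversal:  ", verify_direct(nat_rewrite(pkt, "198.51.100.7")))
    enc = udp_encapsulate(pkt, "192.168.1.10", "203.0.113.5")
    print("NAT, UDP-wrapped:   ", verify_encapsulated(nat_rewrite(enc, "198.51.100.7")))
```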
 
© 2001 - 2005 VPNlabs.org Disclaimer