VPN labs is an open community for researching, testing, reviewing, and discussing Virtual Private Networks. Get trusted, unbiased advice on just about everything related to VPN. For more detail check: How to use this site. VPN Labs - VIRTUAL PRIVATE NETWORKS - Free VPN Software and Virtual Private Network News.

calbo00 Member since: 2002-05-07 09:40:23 | posted: 2002-05-07 09:49:48
VPN Concentrator
----------
Hi All,

I am trying to design a VPN solution using a Cisco VPN 3030 Concentrator.

My question is: can the clients' private IPs be NATted? What ports need to be open in the firewall on the client end? Can it be just outbound, or do both inbound and outbound ports need to be opened?

Thanks all in advance,
Cal

jhaspel Member since: 2002-05-01 21:13:44 | posted: 2002-05-07 21:52:43
Plethora
----------
Cal, check out www.plethoratech.com. If you're open to something other than Cisco, our software-based VPN solution works great with NAT, and includes built-in productivity tools as well, making the user's experience vastly easier and more effective.

kattfish Member since: 2002-04-23 23:23:32 | posted: 2002-05-13 21:30:04
Software VPNs
----------
Generally have some disadvantages that need to be considered.

1. Way more points of failure/support/etc. With a HW VPN solution, you have one point of failure and one point of support. If your site has more than 20 seats, I would not advise going with a SW solution.

2. SW VPNs generally use aggressive IKE mode, which means that key information like Source and Dest. IP is passed in the clear.

3. Host-based security systems have good and bad features to consider, so be careful there.

4. Cisco's VPN client is free.

5. After checking out the site, it looks like they provide a client and a server. You will want to make sure that the client is compatible with other IPSec devices or it'll limit what you can connect to down the road.

6. The server software runs on a PC. Be careful here as well. PC-based VPN concentrators are generally a bad idea as there's no proper distribution of VPN tasks among several processors.

7. To answer your original question, yes. Generally the client can be NATted as long as one of the IKE gateways has a static IP address and is smart enough to allow NATted clients to connect (usually through a cert, FQDN, or email as an identifier as opposed to IKE gate). However, bi-directional communication is generally broken, unless NAT Traversal is deployed on the NATted side. NetScreen does this quite well. www.netscreen.com.

Hope this helps.
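
Added example (not part of any post in this thread): a Python sketch that classifies UDP payloads on ports 500 and 4500 by ISAKMP exchange type, so a capture can be checked for aggressive-mode IKE and for NAT Traversal encapsulation, the two behaviours discussed in the last post. The function names and sample packets are constructed for illustration; the header layout and port numbers follow RFC 2408, RFC 2409 and RFC 3948.

```python
import struct

# Exchange type numbers from the IKEv1/ISAKMP specifications (RFC 2408/2409).
EXCHANGE_TYPES = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}
NON_ESP_MARKER = b"\x00" * 4               # prefixes IKE on UDP 4500 (RFC 3948)
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # fixed 28-byte ISAKMP header

def classify(udp_port, payload):
    """Describe one UDP payload captured on port 500 or 4500."""
    if udp_port == 4500:
        if payload == b"\xff":
            return {"kind": "nat-keepalive"}
        if len(payload) < 4:
            return {"kind": "malformed"}
        if payload[:4] != NON_ESP_MARKER:  # non-zero first word is an ESP SPI
            return {"kind": "esp-in-udp", "spi": payload[:4].hex()}
        payload = payload[4:]
    elif udp_port != 500:
        return {"kind": "not-ike"}
    if len(payload) < ISAKMP_HDR.size:
        return {"kind": "malformed"}
    _ic, _rc, _next, version, xchg, flags, _msgid, length = ISAKMP_HDR.unpack_from(payload)
    return {
        "kind": "ike",
        "version": f"{version >> 4}.{version & 0x0F}",
        "exchange": EXCHANGE_TYPES.get(xchg, f"unknown({xchg})"),
        "encrypted": bool(flags & 0x01),   # E bit: payloads after header are encrypted
        "nat_t": udp_port == 4500,
        "length_ok": length == len(payload),
    }

def cleartext_aggressive(packets):
    """Return indexes of packets that are unencrypted aggressive-mode IKE."""
    infos = [classify(port, data) for port, data in packets]
    return [i for i, p in enumerate(infos)
            if p["kind"] == "ike" and p["exchange"] == "aggressive" and not p["encrypted"]]

def sample_header(xchg, flags=0, body=b""):
    """Constructed sample data: IKEv1 header with made-up cookies."""
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, xchg, flags, 0,
                           ISAKMP_HDR.size + len(body)) + body

SAMPLES = [                                      # (UDP port, payload), all constructed
    (500, sample_header(2)),                     # main mode, first message
    (500, sample_header(4, body=b"\x00" * 8)),   # aggressive mode, cleartext
    (4500, NON_ESP_MARKER + sample_header(4)),   # aggressive mode over NAT-T
    (4500, b"\xde\xad\xbe\xef" + b"\x00" * 16),  # ESP encapsulated in UDP
    (4500, b"\xff"),                             # NAT keepalive
]
```

`cleartext_aggressive(SAMPLES)` returns the indexes of the two aggressive-mode samples; feeding it payloads extracted from a real capture shows whether a given client negotiates in aggressive mode and whether it has switched to UDP 4500 behind NAT.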