Karlnet
[Top] [All Lists]

RE: [Karlnet] IPSEC VPN Support

To: "Karlnet Mailing List" <karlnet@WISPNotes.com>
Subject: RE: [Karlnet] IPSEC VPN Support
From: "Sam Deller - Airnet NZ" <sam.deller@airnet.net.nz>
Reply-to: Karlnet Mailing List <karlnet@WISPNotes.com>
Date: Mon, 19 May 2003 15:28:44 +1200
List-post: <mailto:karlnet@WISPNotes.com>
Indentical install here, and had the same problem mapping all ports through.
However in our scenario only one external client was assessing IPSEC server
at a time. Not sure how this would impact multi users.

Either map only the ports you need + 1723 for IPSEC to internal Fwall or
server

or

Include all ports for wildcard/incoming NAT with the exception of 161 (SNMP)

-Sam

-----Original Message-----
From: karlnet-bounces@WISPNotes.com
[mailto:karlnet-bounces@WISPNotes.com]On Behalf Of Andrew Johnston
Sent: Monday, 19 May 2003 2:32 p.m.
To: Karlnet Mailing List
Subject: [Karlnet] IPSEC VPN Support


I have a client who want to use Outbouind NAT, no problem with that part.
Same client want to have a IPSEC VPN server on their private side network.

IPSEC Outbound works 100% with the passthru

If I enable Incoming NAT with a wildcard pointing to their Firewall, all is
Okay

EXCEPT:  I loose the ability to PING and SNMP manage the SR4200 (RG1000)
with the configurator.

Routed with the allocation of small public /30 subnet is not desirable as it
wastes IP's

Anybody know a way around this ?

_______________________________________________
Karlnet mailing list
Karlnet@WISPNotes.com
http://lists.wispnotes.com/mailman/listinfo/karlnet

<Prev in Thread] Current Thread [Next in Thread>