| Subject: | RE: Help in VPN setup |
|---|---|
| Date: | Wed, 27 Oct 2004 12:46:21 +0200 |
Hi,
I'm not the VPN expert of Cisco PIX, but normally yes, you need 2 Pub IPs to
set up the connection. Unless your VPN clients support NAT, in which case you can
use the private IPs. As I'm writing this email, I'm using a VPN client to
connect to my Corporate VPN server, but my laptop has only a private IP,
because I'm using a DSL router for NAT.
VPN Client---------- DSL-Router-------------------VPN-FW
priv. IP        priv. IP   Pub IP                 pub IP
One side with a private IP works for sure, but on 2 sides you should give it a try or
ask Cisco if the PIX VPN SW supports such a scenario.
The problem is actually in the IPsec header using client and FW IP addresses
for authentication, but when you have NAT in between, then the authentication
fails if the client is not NAT ready.
CU
Moulay
CISSP
_________________________________________________________________
-----Original Message-----
From: David [mailto:dalmada@sisp.cv]
Sent: Tuesday, 26 October 2004 19:13
To: firewalls@securityfocus.com
Subject: Help in VPN setup
Hello everyone,
I pretend to set up a gateway-to-gateway VPN through the internet using two PIX.
My question is, do I have to use more than one public IP address for each site?
If it is possible to use one public address for each site, how do I route the
private IP through the internet? The scheme should look like this one:
Hostt<--->PIX<--->RouterA<--->Internet Cloud<--->RouterB<--->PIXB<--->HostB
privIP    privIP  pubIP           |VPN|          pubIP       privIP   privIP
Thanks in advance
David
SISP
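
The NAT failure described in the reply above, as an added example that is not part of the original thread: in this simplified model an AH-style integrity check value (ICV) covers the outer IP addresses, so a NAT rewrite of the source address breaks verification, while an ESP-style ICV does not cover the outer header. The key, addresses, SPI and field layout are constructed for illustration and are not real packet formats.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed value, stands in for the SA's integrity key


def _mac(data, key=KEY):
    # HMAC-SHA-256 truncated to 128 bits
    return hmac.new(key, data, hashlib.sha256).digest()[:16]


def ah_icv(src, dst, spi, seq, payload):
    """AH-style ICV: covers the outer addresses plus SPI, sequence number and payload."""
    addrs = ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    return _mac(addrs + struct.pack("!II", spi, seq) + payload)


def esp_icv(spi, seq, payload):
    """ESP-style ICV: covers SPI, sequence number and payload, not the outer IP header."""
    return _mac(struct.pack("!II", spi, seq) + payload)


def build_packet(src, dst, spi, seq, payload):
    return {"src": src, "dst": dst, "spi": spi, "seq": seq, "payload": payload,
            "ah_icv": ah_icv(src, dst, spi, seq, payload),
            "esp_icv": esp_icv(spi, seq, payload)}


def nat_rewrite(packet, public_src):
    """Source NAT as done by the DSL router: only the outer source address changes."""
    return {**packet, "src": public_src}


def verify(p):
    """Receiver recomputes both ICVs from the packet as it arrived."""
    ah_ok = hmac.compare_digest(
        p["ah_icv"], ah_icv(p["src"], p["dst"], p["spi"], p["seq"], p["payload"]))
    esp_ok = hmac.compare_digest(
        p["esp_icv"], esp_icv(p["spi"], p["seq"], p["payload"]))
    return {"ah": ah_ok, "esp": esp_ok}


def demo():
    # Constructed sample: private client address, documentation-range public addresses.
    sent = build_packet("192.168.1.10", "203.0.113.1", 0x1001, 1, b"hello")
    received = nat_rewrite(sent, "198.51.100.7")
    return verify(sent), verify(received)


if __name__ == "__main__":
    print(demo())
```

Passing the ESP check is only part of being "NAT ready": a port-translating NAT also needs UDP encapsulation of ESP (NAT traversal, RFC 3948), because ESP itself carries no port numbers.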