[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] L2TP tunneling through FW-1
Hi, Since we are talking here the tunneling thing in VPN-1, can tunneling will also work in FWZ encryption scheme? I'd been working on a VPN setup now and one guy from Australia (our peer network) said tunneling can be done in FWZ. Their site need to be NAT since they're using non-routable IP. Roger Delgado On Tue, 3 Oct 2000, Darren Sykes wrote: > > As far as I understand, you're not able to NAT L2TP Wink2 traffic at all, > because > it breaks IPSEC. The firewall will just see encapsulated traffic, so you'll > just be able to > allow IPSEC traffic to servers or not. You will not be able to filter on > source/dest port as that info is not available until the packet is > decrypted, > which will happen behind the firewall at the Win2k server. I suppose your > alternatives are > either not to NAT the traffic or forget Win2k security and use secure remote > instead. > > Darren > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: 02 October 2000 18:36 > To: [email protected] > Subject: [FW1] L2TP tunneling through FW-1 > > > > > > Hi everyone, > > One of our customers wants us to set up an L2TP tunnel through Firewall-1. > The > aim is to let external W2K clients connect to a W2K RAS-server in the DMZ > using > W2K encryption features (IPSEC encapsulated in L2TP). I am not familiar with > L2TP and would like to know if it is possible with and without NAT on FW-1. > As > far as I understand, FW-1 can't apply rules to these packets or perform NAT > on > them. Anyone has any experience with this? > > TIA, > > Tim De Boeck > System Engineer > Econocom Services > > > > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|