RE: [FW1] L2TP tunneling through FW-1



Hi,

Since we are talking here about tunneling in VPN-1, will tunneling
also work with the FWZ encryption scheme? I've been working on a
VPN setup now and one guy from Australia (our peer network) said
tunneling can be done in FWZ. Their site needs to be NATed since they're
using non-routable IPs.

Roger Delgado
 
 On Tue, 3 Oct 2000, Darren Sykes wrote:

>
> As far as I understand, you're not able to NAT L2TP Win2k traffic at all,
> because it breaks IPSEC. The firewall will just see encapsulated traffic,
> so you'll just be able to allow IPSEC traffic to servers or not. You will
> not be able to filter on source/dest port as that info is not available
> until the packet is decrypted, which will happen behind the firewall at
> the Win2k server. I suppose your alternatives are either not to NAT the
> traffic or forget Win2k security and use SecuRemote instead.
> 
> Darren
> 
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: 02 October 2000 18:36
> To: [email protected]
> Subject: [FW1] L2TP tunneling through FW-1
>
> Hi everyone,
> 
> One of our customers wants us to set up an L2TP tunnel through Firewall-1.
> The aim is to let external W2K clients connect to a W2K RAS server in the
> DMZ using W2K encryption features (IPSEC encapsulated in L2TP). I am not
> familiar with L2TP and would like to know if it is possible with and
> without NAT on FW-1. As far as I understand, FW-1 can't apply rules to
> these packets or perform NAT on them. Does anyone have any experience
> with this?
> 
> TIA,
> 
> Tim De Boeck
> System Engineer
> Econocom Services
> 
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
All contents © 2003 Network Presence, LLC. All rights reserved.