Re: [FW-1] PPPoE and IKE
I don't understand why we can't set up variable IP addresses using Phase 1 IDs of type USER_FQDN with either shared secrets or key certificates. Most open source ISAKMPD and IPsec implementations do it.

With Check Point, I would think that we would be able to program a user to reflect a particular Phase 1 ID and set up a tunnel that way. It seems that this does not work, as it gives us all sorts of "User is not properly defined" messages and the like.

The only way we have gotten it to work is to create a Workstation for the remote VPN gateway (in this case OpenBSD), and thus Check Point ignores the Phase 1 ID of USER_FQDN and uses the IP address specified in the workstation object configuration.

Anyone have a solution to this?

Regards,

Patrick Ethier
[email protected]

----- Original Message -----
From: "Nick Ellenden" <[email protected]>
To: <[email protected]>
Sent: Tuesday, October 23, 2001 11:15 AM
Subject: Re: [FW-1] PPPoE and IKE

> Hi,
>
> The issue with PPPoE, along with other provider networks which need dynamic addressing, either DHCP or PPPoATM, is that IPSec absolutely HATES dynamic IP addressing. You need to either be given a static IP address for both ends, or use a VPN solution which can perform IPSec over NAT, like F-Secure VPN clients, Nokia VPN clients and the Altiga client from Cisco. These then support IPSec over NAT, but the clients must talk back to the same manufacturer's compatible gateway; you lose the inter-compatibility of IPSec :( The IETF are working on standardising this now.
>
> Bestest,
>
> nick
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Aaron Brasslett
> Sent: 23 October 2001 16:19
> To: [email protected]
> Subject: [FW-1] PPPoE and IKE
>
> Hi all,
>
> I would like to try and use an ADSL connection that uses PPPoE to create a
> site to site VPN using IKE. Central office uses FW-1 4. SP3 on NT4.0 SP6a
> the remote site would use an Intrusion.com PDS 2110 running FW-1 SOHO.
> Would it be possible to use a PPPoE compatible ADSL router such as the Cisco
> 827 router that can perform the PPPoE on the firewall's behalf work? Has
> anyone attempted to implement something like this? Are there other ways of
> dealing with PPPoE?... maybe using a PPPoE client on the PDS 2110 (if there
> is such a thing) Unfortunately, the remote site only has ADSL with PPPoE
> available... otherwise I wouldn't even bother to mess with PPPoE.
>
> Any info, advice, or humor appreciated.
>
> Aaron
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===============================================
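
The lookup discussed in this thread, a gateway selecting the peer entry by its Phase 1 ID of type USER_FQDN rather than by source address, as an added Python example that is not from the thread or from any product's code. The payload layout follows RFC 2408 and RFC 2407; the peer names, ID string and addresses are constructed.

```python
import ipaddress
import struct

# IPsec DOI identification types (RFC 2407, section 4.6.2.1)
ID_IPV4_ADDR, ID_FQDN, ID_USER_FQDN = 1, 2, 3

def build_id_payload(id_type, data):
    """Encode an ISAKMP Identification payload (used to build test input)."""
    body = struct.pack("!BBH", id_type, 0, 0) + data  # type, protocol, port
    return struct.pack("!BBH", 0, 0, 4 + len(body)) + body  # generic header

def parse_id_payload(payload):
    """Return (id_type, value) from an ISAKMP Identification payload."""
    if len(payload) < 8:
        raise ValueError("truncated identification payload")
    _next, _reserved, length = struct.unpack("!BBH", payload[:4])
    if not 8 <= length <= len(payload):
        raise ValueError("bad payload length")
    id_type = payload[4]
    data = payload[8:length]
    if id_type == ID_IPV4_ADDR:
        if len(data) != 4:
            raise ValueError("ID_IPV4_ADDR needs exactly 4 bytes")
        return id_type, str(ipaddress.IPv4Address(data))
    if id_type in (ID_FQDN, ID_USER_FQDN):
        return id_type, data.decode("ascii").lower()
    raise ValueError(f"unsupported ID type {id_type}")

def select_peer(peers_by_id, peers_by_ip, src_ip, payload):
    """Look up the peer by its claimed Phase 1 ID, then by source address.

    The ID is only a claim: the caller still has to authenticate the peer
    with the secret or certificate configured for the returned entry. In
    IKEv1 main mode with a pre-shared key the ID arrives encrypted under a
    key derived from that secret, so ID-based lookup applies to aggressive
    mode or to signature authentication.
    """
    key = parse_id_payload(payload)
    return peers_by_id.get(key) or peers_by_ip.get(src_ip)

# Constructed sample policy and addresses (documentation ranges, not from the thread)
PEERS_BY_ID = {(ID_USER_FQDN, "gw@branch.example"): "branch-office"}
PEERS_BY_IP = {"192.0.2.10": "hq-static"}
BRANCH_ID = build_id_payload(ID_USER_FQDN, b"gw@branch.example")

if __name__ == "__main__":
    for src in ("198.51.100.7", "203.0.113.45"):  # address changes per PPPoE session
        print(src, "->", select_peer(PEERS_BY_ID, PEERS_BY_IP, src, BRANCH_ID),
              "| by IP only:", PEERS_BY_IP.get(src))
```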