
Re: [FW-1] VPN over ISDN



Assuming the remote site has a public IP address then there should be no problems.
 
{Central Site}---[FW-A]---[Rtr-A]---ISDN---[Rtr-B]---[ifx FW-B]---{Remote Site}
 
For simplicity I've ignored the FR link.
 
As long as the 'FW-B ifx' is a public address there should be no problem. The VPN will be created between the 'FW-B ifx' IP address and FW-A external IP address - no dynamic address. All the issues of initiating the connection are handled by Rtr-B; the VPN is treated as ordinary IP traffic (which of course it is).
 
If you want FW-B to support both the FR and the ISDN then you have challenges. In theory, with an unlimited license (to accommodate the 2 external interfaces - i.e. FR and ISDN) this could be done. I'm told that the CP FP2 supports dynamic addresses - but I've never tried it. However, the VPN would have to use a common IP address for the SA (security association), irrespective of the physical interface being used (and its associated IP address). In principle this could be achieved by associating the VPN with an IP address on the loopback interface. This sort of worked back in the CP4.0 days, but CP hardened the usage of the loopback interface during the CP4.1SP2 BlackHat fixes. Finally, what products can support both an FR and ISDN interface at a reasonable cost - possibly the new Nokia IP350?
This setup would need some serious testing!
 
Derin

Does anyone know of a product that can use ISDN to initiate a VPN connection to an NG FP2 firewall? We're looking for backup connectivity to some remote sites that have 'flaky' frame relay connections, and can't get broadband internet. ISDN speeds would be slow, but adequate for green screen connections. The problem is that ISDN is a dial-up service, and we will pull a separate IP every time we dial in. We need to initiate the VPN from the client side, and wouldn't be able to add the object in the firewall with a static IP.

 


