Hi Steve,
> -----Original Message-----
> From: Steve Riley (MCS) [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, 13 January 2001 6:23
> To: Brian Ford; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: RE: PIX & Win2K IPSec
>
>
> The question was about pure IPSec tunnel mode, not about L2TP+IPSec.
>
> Officially, we don't support pure IPSec tunnel mode for
> client-to-gateway configurations unless the client has an IP address
> that's routable on the network behind the gateway. Pure IPSec tunnel
> mode doesn't have any way of assigning tunnel end-point IP addresses to
> clients, thus the need for L2TP or some other kind of VPN client shim.
So you're saying that you _do_ support native IPSec tunnel mode without the
L2TP addition? That's good news. I had a peek and saw no obvious way to
select between IPSec+L2TP and vanilla IPSec. I assume it's a "trick"?
Is there some weird problem you're referring to with your "routable on the
network behind the gateway" comment? I find that default routes work fine
for me, using gateway<-->gateway meshes. I don't understand why it would
cause any more of a problem with client<-->gateway. I guess in some sense
client is a bit of a misnomer if it's tunnel mode anyway.
>
> Trevor, what's the scenario for your test case? Does the client have an
> address that's routable on the network behind the PIX? We've got some
> specific interoperability config info I can forward to you.
Please keep this on the list? It's on topic, as far as I can see...
> ____________________________________________________
> Steve Riley
> Microsoft Communications Consulting in Denver, Colorado
> [EMAIL PROTECTED]
> +1 303 521-4129 (OLD mobile)
> www.microsoft.com/isn/
> Applying computer technology is simply finding the right wrench to pound
> in the correct screw.
Cheers,
--
Ben Nagy
Marconi Services
Network Integration Specialist
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304