Hi,
Since we are talking here about the tunneling thing in VPN-1, will
tunneling also work in the FWZ encryption scheme? I've been working on a
VPN setup now and one guy from Australia (our peer network) said
tunneling can be done in FWZ. Their site needs to be NATed since they're
using non-routable IPs.
Roger Delgado
On Tue, 3 Oct 2000, Darren Sykes wrote:
>
> As far as I understand, you're not able to NAT L2TP Win2k traffic at all,
> because it breaks IPSEC. The firewall will just see encapsulated traffic,
> so you'll just be able to allow IPSEC traffic to servers or not. You will
> not be able to filter on source/dest port as that info is not available
> until the packet is decrypted, which will happen behind the firewall at
> the Win2k server. I suppose your alternatives are either not to NAT the
> traffic or forget Win2k security and use secure remote instead.
>
> Darren
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: 02 October 2000 18:36
> To: [EMAIL PROTECTED]
> Subject: [FW1] L2TP tunneling through FW-1
>
> Hi everyone,
>
> One of our customers wants us to set up an L2TP tunnel through Firewall-1.
> The aim is to let external W2K clients connect to a W2K RAS-server in the
> DMZ using W2K encryption features (IPSEC encapsulated in L2TP). I am not
> familiar with L2TP and would like to know if it is possible with and
> without NAT on FW-1. As far as I understand, FW-1 can't apply rules to
> these packets or perform NAT on them. Does anyone have any experience with
> this?
>
> TIA,
>
> Tim De Boeck
> System Engineer
> Econocom Services
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
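
Added example, not part of the original thread: a Python sketch of the point in Darren's reply that a packet filter in front of the Win2k server sees only encapsulated traffic and has no source/dest port to match on. It assumes the IPsec encapsulation is ESP (IP protocol 50); the addresses, SPI and payload bytes are constructed, and the ESP payload is a stand-in for ciphertext, not real encryption.

```python
import struct

PROTO_UDP, PROTO_ESP = 17, 50   # IANA IP protocol numbers
L2TP_PORT = 1701                # registered UDP port for L2TP

def ipv4_packet(proto, src, dst, payload):
    """Build a minimal 20-byte IPv4 header (checksum left 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, bytes(src), bytes(dst))
    return header + payload

def filterable_fields(packet):
    """Return the fields a packet filter can read without any keys."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    fields = {"src": ".".join(map(str, packet[12:16])),
              "dst": ".".join(map(str, packet[16:20])),
              "proto": proto}
    body = packet[ihl:]
    if proto == PROTO_UDP:
        fields["sport"], fields["dport"] = struct.unpack("!HH", body[:4])
    elif proto == PROTO_ESP:
        # ESP exposes only SPI and sequence number; the inner UDP/L2TP
        # header sits inside the encrypted payload.
        fields["spi"], fields["seq"] = struct.unpack("!II", body[:8])
    return fields

def rule_can_match_l2tp(fields):
    """A port-based rule needs a visible destination port."""
    return fields.get("dport") == L2TP_PORT

# Constructed sample packets (documentation addresses, made-up SPI).
CLIENT, SERVER = (192, 0, 2, 10), (198, 51, 100, 5)
udp = struct.pack("!HHHH", 1701, 1701, 8 + 4, 0) + b"L2TP"
CLEAR_L2TP = ipv4_packet(PROTO_UDP, CLIENT, SERVER, udp)
# Stand-in for ciphertext: opaque bytes, not real encryption.
ESP_L2TP = ipv4_packet(PROTO_ESP, CLIENT, SERVER,
                       struct.pack("!II", 0x1000, 1) + bytes(range(32)))

if __name__ == "__main__":
    for name, pkt in (("clear L2TP", CLEAR_L2TP), ("ESP", ESP_L2TP)):
        f = filterable_fields(pkt)
        print(name, f, "port rule matches:", rule_can_match_l2tp(f))
```

For the ESP packet the only decision left to the filter is whether to allow protocol 50 between the two addresses or not.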