No. Information that passes through a tunnel has NAT applied to it. If the VPN uses IPSec, then an IP Passthrough would be needed.
Mike Burden
Lynk Systems
(616)532-4985
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joab Stieglitz
Sent: Thursday, July 20, 2000 2:56 PM
To: Chris Green; [EMAIL PROTECTED]
Subject: RE: SmartPass Through GnatBox

--------------------- Attention -----------------------------
Online GNAT Box User Forum is Now Open
Click the Register link and sign up today
http://www.gnatbox.com/cgi-bin/Ultimate.cgi
-------------------------------------------------------------
Send postings to: [EMAIL PROTECTED]
Access the list archives at: http://www.gnatbox.com/gb-users/
-------------------------------------------------------------

In that case, a tunnel should be in order. Correct?

-----Original Message-----
From: Chris Green [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 20, 2000 2:46 PM
To: Joab Stieglitz; [EMAIL PROTECTED]
Subject: Re: SmartPass Through GnatBox

I do not believe that smartpass will work through NAT at all.

Good luck!
Chris Green

>From: Joab Stieglitz <[EMAIL PROTECTED]>
>To: "GnatBox Users Group (E-mail)" <[EMAIL PROTECTED]>
>Subject: SmartPass Through GnatBox
>Date: Thu, 20 Jul 2000 12:18:56 -0400
>
>I've been fighting with the VPN client that my company gave me. Here are my
>active filters:
>
>OUTBOUND
>   1    0 Accept ANY TCP from "ANY_IP" 3845 to "ANY_IP" 3845
>   2  235 Accept "PROTECTED" ALL from "ANY_IP" to "ANY_IP"
>
>REMOTE ACCESS
>   1    0 Accept ANY TCP log from "ANY_IP" 3845 to "ANY_IP" 3845
>   2  287 Accept "PROTECTED" TCP from 192.168.5.0/255.255.255.0 to 192.168.5.1/255.255.255.255 8080
>   3    0 Accept "PROTECTED" TCP from 192.168.5.0/255.255.255.0 to 192.168.5.1/255.255.255.255 77
>   4  479 Deny ANY UDP nolog from "ANY_IP" to "ANY_IP" 9 67 68 137 138 161 513
>   5    0 Deny ANY UDP nolog from "ANY_IP" to "ANY_IP" 520
>   6    0 Accept ANY TCP nolog from "ANY_IP" to "ANY_IP" 113
>   7    0 Accept ANY ICMP from "ANY_IP" 8 to "ANY_IP" 8
>   8    9 Deny ANY UDP nolog genICMP from "ANY_IP" to "ANY_IP" 32767:65535
>   9    0 Deny ANY TCP nolog from "ANY_IP" 80 to "ANY_IP" 1024:65535
>  10    5 Deny ANY ALL alarm from "ANY_IP" to "ANY_IP"
>
>IP PASS THROUGH
>   No filters installed.
>
>AUTO
>   1    0 Accept ANY ICMP from 192.168.5.9 3 4 11 to 192.168.5.1 3 4 11
>
>And here is what the manufacturer has told me:
>
>> You are close... the communications occurs from the VPN client on a
>> random high port (1024:65535) to the SmartGate VPN server on 3845/tcp.
>>
>> So, your rules need to look something like this (verify these since I am
>> not familiar with this form of ruleset)
>>
>> OUTBOUND
>>    1    0 Accept ANY TCP from "ANY_IP" 1024:65535 to "ANY_IP" 3845
>>
>> REMOTE ACCESS
>>    1    0 Accept ANY TCP log from "ANY_IP" 3845 to "ANY_IP" 1024:65535
>>
>> Hope that this helps,
>
>What do I need to do to put what he suggests in place? Especially if the
>VPN client uses a random port each time?
>
>Joab Ben Stieglitz
>mailto:[EMAIL PROTECTED]

----------------------------------------------
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe gb-users your_email_address
in the body of the message
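
The port matching discussed in the quoted filters, as an added example that is not part of the original messages and is not GNAT Box code: it compares the posted rule 1 (source port 3845) with the vendor's suggested rule 1 (source 1024:65535) for a client that picks a random high port. Assumptions: rules are tried top to bottom, an unmatched packet is denied, each packet is judged on its own (no state tracking or NAT), and only the protocol and port fields of the ANY_IP rules are modelled.

```python
from dataclasses import dataclass

ANY = (0, 65535)        # any port
HIGH = (1024, 65535)    # the "random high port" range from the vendor's reply
VPN = (3845, 3845)      # SmartGate server port named in the thread

@dataclass(frozen=True)
class Rule:
    num: int            # rule number as posted in the thread
    action: str         # "Accept" or "Deny"
    proto: str          # "TCP", "UDP", "ICMP" or "ALL"
    sport: tuple        # inclusive source-port range
    dport: tuple        # inclusive destination-port range

def first_match(rules, proto, sport, dport):
    """Return (rule number, action) of the first rule matching the packet.

    Assumption: top-to-bottom evaluation, default deny when nothing matches.
    """
    for r in rules:
        if (r.proto in ("ALL", proto)
                and r.sport[0] <= sport <= r.sport[1]
                and r.dport[0] <= dport <= r.dport[1]):
            return r.num, r.action
    return None, "Deny"

# Posted filters, reduced to their protocol/port fields (address-specific
# rules 2 and 3 and the UDP/ICMP rules of REMOTE ACCESS are left out).
OUTBOUND_POSTED = [Rule(1, "Accept", "TCP", VPN, VPN),
                   Rule(2, "Accept", "ALL", ANY, ANY)]
REMOTE_POSTED = [Rule(1, "Accept", "TCP", VPN, VPN),
                 Rule(6, "Accept", "TCP", ANY, (113, 113)),
                 Rule(9, "Deny", "TCP", (80, 80), HIGH),
                 Rule(10, "Deny", "ALL", ANY, ANY)]
# Same sets with rule 1 replaced by the vendor's suggestion.
OUTBOUND_SUGGESTED = [Rule(1, "Accept", "TCP", HIGH, VPN)] + OUTBOUND_POSTED[1:]
REMOTE_SUGGESTED = [Rule(1, "Accept", "TCP", VPN, HIGH)] + REMOTE_POSTED[1:]

CLIENT_PORT = 49152     # constructed sample of a random high client port

if __name__ == "__main__":
    for name, rules, pkt in [
        ("outbound, posted", OUTBOUND_POSTED, ("TCP", CLIENT_PORT, 3845)),
        ("outbound, suggested", OUTBOUND_SUGGESTED, ("TCP", CLIENT_PORT, 3845)),
        ("remote access, posted", REMOTE_POSTED, ("TCP", 3845, CLIENT_PORT)),
        ("remote access, suggested", REMOTE_SUGGESTED, ("TCP", 3845, CLIENT_PORT)),
    ]:
        print(f"{name}: rule {first_match(rules, *pkt)}")
```

Because the suggested rules match on a port range, they apply to whichever high port the client picks for a given session; this model says nothing about the NAT behaviour raised in the replies.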
