> Maybe some of the IPSEC gurus here can help.
>
> This is actually not for me, but to make the reading easy I will just say
> "I" the entire time. Throw tomatoes later.
>
> I have a private network and an Internet connection. I want to offer public
> wireless to anyone close enough to use the wireless. The wireless users can
> access the Internet using my connection. I want a few of the wireless users
> to be able to access my private network using a VPN. My configuration:
>
> wirelessnet <-----------> linksys AP <----> hub <--|
>                                              |     |
>          internet <-----> linksys router <---|     |
>                                                    |
> privatenetwork <---> netscreen router/vpn <---------
>
> The VPN is IPSEC-based. I believe they are using IPSEC ESP.
>
> x The wirelessnet users can access the Internet.
> x The wirelessnet users can access privatenetwork using VPN.
> x The privatenetwork can access the Internet.
> x The Internet cannot access the privatenetwork using the VPN.
>
> Netscreen support told "me" that the issue is caused by IPSEC breaking when
> it crosses the Linksys router/NAT boundary. Sounds about right.
>
> Is there a way to solve this?
>
> I suggested just dropping the two routers and going with a single Linux or
> FreeBSD router/VPN with multiple interfaces for DMZ/wireless, Internet, and
> private. My friend isn't too keen on this idea because PC-based solutions
> have a higher chance of having a hardware failure. (I agree.) Also, some
> people are just afraid of Linux or FreeBSD.
>
> He is trying to save money. (Obviously.)
>
> ---
> Dustin Puryear
> http://www.puryear-it.com