>>A better option IMO is to plonk your favourite
>>distribution of Linux on the firewall, drop in frees/wan and away you go ;)

Yeah, it would be a better solution. L2TP over IPsec re-introduces the drawbacks and pitfalls of PPTP, making IPSec less reliable, but try to convince management to ditch their "favourite" MS solution.
Politics says you have to interoperate with MS even though Linux with Freeswan on its own is far superior.

Dom

-----Original Message-----
From: Mark Weaver [mailto:[EMAIL PROTECTED]]
Sent: 20 November 2002 10:45
To: [EMAIL PROTECTED]
Subject: RE: IPSec + L2TP VPN to MS firewall (ISA) working !

Yes, you need NAT-T on both ends, but SSH can of course establish connections to itself. A better option IMO is to plonk your favourite distribution of linux on the firewall, drop in frees/wan and away you go ;)

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Cressatti, Dominique
> Sent: 20 November 2002 09:14
> To: [EMAIL PROTECTED]
> Subject: RE: IPSec + L2TP VPN to MS firewall (ISA) working !
>
> >>You might consider trying SSH sentinel if you need NAT-T support under MS
> >>platforms, works well for me.
>
> I don't know how that would work with ISA server.
> The current situation is that since MS's current implementation
> of IPSec doesn't support NAT-T (on the server but W2K client supports it),
> yet they do NAT with their firewall (ISA),
> the MS way to tackle the issue to make IPSec work is to grab any
> IPSec packets with RRAS so they bypass the firewall altogether.
>
> Dom
>
> -----Original Message-----
> From: Mark Weaver [mailto:[EMAIL PROTECTED]]
> Sent: 19 November 2002 14:30
> To: [EMAIL PROTECTED]
> Subject: RE: IPSec + L2TP VPN to MS firewall (ISA) working !
>
> Fantastic, I look forward to reading it.
>
> You might consider trying SSH sentinel if you need NAT-T support under MS
> platforms, works well for me.
>
> Mark
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> > Behalf Of Cressatti, Dominique
> > Sent: 19 November 2002 13:57
> > To: [EMAIL PROTECTED]
> > Subject: IPSec + L2TP VPN to MS firewall (ISA) working !
> >
> > What I am trying to say here is that I managed to successfully
> > establish a VPN between Linux and MS ISA (MS firewall)
> > which uses X509 certificates and L2TP.
> >
> > I am in the process of writing a HowTo as it is fairly involved
> > but I'll accept a few questions and provide some help to those
> > who are trying to do it.
> >
> > However at this time since it is fairly involved, I can't
> > begin to explain it all in this list. Therefore I'll ask those
> > who are trying to achieve it, to at least have followed Nat Carlson's
> > Howto and have a "Windows road warrior" working, using
> > ipsec.exe.
> >
> > Limitations:
> > It cannot be done if there is a NAT (ADSL router for example)
> > in the path as the IPSec implementation used by MS doesn't support
> > NAT-T (NAT traversal).
> > At the moment the Linux box acts only as a server, therefore I have
> > to establish the VPN from the Windows server.
> >
> > Dom
