From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dennis
Burgess - 2K Wireless
Sent: Monday, January 15, 2007 4:36 PM
To: 'WISPA General List'
Subject: RE: [WISPA] IPsec/UDP and my border NAT gateway
In case someone didn't say, if they are using CISCO IPSEC,
etc
You have to create a rule to allow the GRE tunnel back to your customer
from the VPN Server IP. Are you forwarding ALL public IP traffic to his
private IP?
I believe it is Protocol 47 or something like that. You also need to
allow certain udp ports through but I don't remember off the top of my
On Mon, 15 Jan 2007, rabbtux rabbtux wrote:
Anyone have suggestions on what I need to do to allow my customer
to do this type of VPN. I currently have customers behind my
linux/iptables firewall that masquerades them out a single IP.
This is the first customer who is having problems. Do I
A Standard Ipsec VPN will use GRE, protocol 47:
http://www.iana.org/assignments/protocol-numbers
It's not UDP.
It appears that CenterBeam VPN uses Cisco gear:
http://newsroom.cisco.com/dlls/prod_121201.html
If this is the case, then they should be able to encapsulate this into UDP
or IP and
In case someone didn't say, if they are using CISCO IPSEC, etc, what happens
is this.
1. Client requests via TCP to start a VPN session
2. Server sends back UDP packets to start the session
3. NAT/MASQ blocks these un-authed UDP packets.
The two answers are:
1. Tell the customer to change
PROTECTED] On
Behalf Of Frank
Sent: Monday, January 15, 2007 5:05 PM
To: 'WISPA General List'
Subject: RE: [WISPA] IPsec/UDP and my border NAT gateway
A Standard Ipsec VPN will use GRE, protocol 47:
http://www.iana.org/assignments/protocol-numbers
It's not UDP.
It appears that CenterBeam VPN uses
My approach is a little more lazy than most firewall management people
provide, I suspect. If a customer isn't able to function within the set
of firewall rules that I have set for most of the customers, I add his
IP to a whitelist list of IP addresses in my firewall. These addresses
don't get