From: Matt Beck (MbeckGiantStep.com)
Date: Fri Jun 08 2001 - 18:08:56 CDT

    I think I touched on that in my previous post. I assumed the remote client
    would always initiate the connection.

    With the Linksys product, the LAN *could* attempt to begin a connection with
    the remote host, but that is rarely needed. Most often, remote VPN clients
    are DHCP assigned addresses by both the remote ISP and the VPN concentrator.
    If any time has passed since the client disconnected, the VPN will probably
    fail to connect.

    And if the firewall were to be configured for LAN initiation of a
    connection, I *think* you would have to configure it to forward IPSEC and
    UDP into the private (remote) network. Negotiation of credentials occurs
    (TCP) and then communication switches to UDP.

    Please correct me if I'm wrong on any of this. Friday meetings here serve
    beer. :-)

    Matt

    -----Original Message-----
    From: Todd Schubert [mailto:tschubertjorycapital.com]
    Sent: Friday, June 08, 2001 9:17 AM
    To: focus-mssecurityfocus.com
    Subject: RE: IPSec thru SonicWall SOHO2 firewall

    For this to work, would the firewall have to be set to allow all connections
    originating from the LAN?

    Todd

    -----Original Message-----
    From: Matt Beck [mailto:MbeckGiantStep.com]
    Sent: Thursday, June 07, 2001 1:56 PM
    To: 'focus-mssecurityfocus.com'
    Subject: RE: IPSec thru SonicWall SOHO2 firewall

    Hello,

    My experience with a similar product (Linksys) is that the VPN will pass
    through the firewall without a problem if the client starts the connection.
    (I assume this will be the case for you.) If the SonicWall won't allow
    that, set the Cisco client to use UDP through NAT and configure the firewall
    to forward UDP 500(?) to your internal client IP.

    The major drawback to either of these solutions is that (at least with the
    Linksys) you cannot have multiple clients behind the firewall establishing
    VPN connections.

    Hope this helps.

    Matt

    -----Original Message-----
    From: Kevin D [mailto:kdlistsmtsolutions.net]
    Sent: Thursday, June 07, 2001 10:12 AM
    To: focus-mssecurityfocus.com
    Subject: IPSec thru SonicWall SOHO2 firewall

    I was wondering if anyone knew whether a SonicWall SOHO2 doing NAT would
    support the IPSec protocol (pass through)? I have a client machine (Win98)
    trying to connect to a remote Cisco VPN device using the native Cisco VPN
    client software and IPSec.

    I know the SonicWall SOHO2 firewall has a VPN upgrade option, but I don't
    want to use the firewall itself for VPN; I just want IPSec pass through over
    NAT.

    Thanks,
    Kevin