Security Basics mailing list archives
RE: VPN Question
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 25 Aug 2003 09:40:01 -0700
The usual issue is that the firewall the client is behind is doing NAT (Network Address Translation) and the encapsulation by the VPN software includes an encrypted copy of the client's IP address. At the VPN server (in your case, the SonicWall), the "envelope" source IP address had been altered by the NAT, and doesn't match what's inside the encrypted packet -- so the server rejects it. Many VPN implementations include a "use UDP" mode that sidesteps this issue. I don't see any mention of this on SonicWall's Pro230 site, though, so I suspect it might not. (It might appear as a configuration option on the client software....) David Gillett
-----Original Message----- From: Jim Brezicky [mailto:brezicky () infimed com] Good afternoon all, This posting is a little off track, but I'm hoping someone can help me anyway. I have a SonicWall Pro230 and I'm trying to do VPN with it. My users connect from some locations and not others. Example: They could connect from the Airport in Cincinnati, but not the airport in Las Vegas. Seems they can't connect in many (if any hotels). In speaking with SonicWall they said this is a known issue when connecting through a firewall on the hotel side. I know I'm not the first company to try this, and was wondering how others get by this issue? Or is this an inherent SonicWall issue. Most of my users are traveling Sales people, and will go all around the US, and Japan. Any insight would be GREATLY appreciated. Thanks, Jim Brezicky InfiMed Inc -------------------------------------------------------------- ------------- -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- VPN Question Jim Brezicky (Aug 22)
- RE: VPN Question Lucas Zaichkowsky (Aug 25)
- RE: VPN Question David Gillett (Aug 26)
- <Possible follow-ups>
- RE: VPN Question DeGennaro, Gregory (Aug 22)
- Re: VPN Question Gabriel Orozco (Aug 25)
- Re: VPN Question yankl (Aug 25)
- RE: VPN Question Burton M. Strauss III (Aug 25)
- RE: VPN Question Dana Smith (Aug 25)
- RE: VPN Question chort (Aug 25)
- Re: VPN Question Schneider Sebastian (Aug 25)
- FW: VPN Question Atmavidya, Ananda (Aug 25)
- RE: VPN Question Sinha, Amitabh (Amit) (Aug 25)
- RE: VPN Question George Peek (Aug 25)
(Thread continues...)