Security Basics mailing list archives

Encryption through NAT and State table


From: "Gwydion Mine" <Gwydion () myrealbox com>
Date: Fri, 13 Jun 2003 10:06:56 +0100

Hello Chaps,

I need to get a VPN working to a client site. Problem is that for one reason or another they do not want to configure
inbound rules, only outbound, on their firewall (PIX). For this reason I will not be able to initiate the connection to
our VPN end-point on the client network and instead will get this VPN end-point to send keep-alives to my end every so
often to keep the VPN online.

My problem is what protocol to use, L2TP or IPSec (IKE, AH, ESP). Their network is on a 1918 and so the encrypted
packets will need to flow through the NAT table on the PIX. On top of this, because of the lack of inbound connections,
I guess it also needs to be stateful so that the PIX will allow the return connections.

I know that by allowing GRE on a PIX the above will work for PPTP (and would assume L2TP) but ideally I want to use
IPSec. ALSO, I just want to know how it works 'cause I thought state worked on layer 4 - so in tunnel mode how does the
state table work for the PPTP connection?

Does this make sense? Any ideas would be very much appreciated.

Thanks!!

Gwyd
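Added example for the question above (not part of the original post or thread, and not PIX code): a small Python model of a stateful PAT table in front of an RFC 1918 network. It shows why TCP/UDP flows get a fresh mapped port each, why GRE and plain ESP can only be tracked by IP protocol and peer address (so a second inside host to the same peer cannot be demultiplexed), why NAT-T (ESP carried in UDP 4500) turns the tunnel back into an ordinary port-tracked flow, and why an idle timeout makes inside-initiated keep-alives necessary when the firewall has no inbound rules. The addresses are constructed from RFC 5737 documentation ranges; the state keys, the 300 second idle timeout and the "drop the colliding host" rule are simplifying assumptions of this toy, not a description of what any particular firewall does.

```python
# Toy model of a stateful NAT (PAT) table, added illustration for the thread above.
# Not a PIX emulation: keys, timeout and collision handling are assumptions.
from dataclasses import dataclass
from typing import Optional

TCP, UDP, GRE, ESP = 6, 17, 47, 50        # IP protocol numbers
OUTSIDE_IP = "203.0.113.1"                # firewall's public address (constructed)
IDLE_TIMEOUT = 300                        # assumed lifetime of an idle state entry


@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: Optional[int] = None           # None for GRE and ESP: no layer-4 ports
    dport: Optional[int] = None


class StatefulNat:
    """Translate outbound packets, remember them, admit only replies that match."""

    def __init__(self):
        self.next_port = 1024
        self.state = {}                   # key -> (inside ip, inside port, last seen)

    def outbound(self, pkt: Packet, now: int) -> Optional[Packet]:
        if pkt.proto in (TCP, UDP):
            # Layer-4 protocols: one mapped port per flow, so many inside hosts can
            # share the single public address. Refresh the entry if the flow exists.
            for key, (ip, port, _) in self.state.items():
                if key[:3] == (pkt.proto, pkt.dst, pkt.dport) and (ip, port) == (pkt.src, pkt.sport):
                    self.state[key] = (ip, port, now)
                    return Packet(pkt.proto, OUTSIDE_IP, pkt.dst, key[3], pkt.dport)
            mapped, self.next_port = self.next_port, self.next_port + 1
            self.state[(pkt.proto, pkt.dst, pkt.dport, mapped)] = (pkt.src, pkt.sport, now)
            return Packet(pkt.proto, OUTSIDE_IP, pkt.dst, mapped, pkt.dport)
        # GRE / ESP: only the IP header can be rewritten, so the only usable state key
        # is (protocol, peer). One inside host per peer; a second one collides and is
        # dropped here (assumption: no SPI-tracking "passthrough" heuristics).
        key = (pkt.proto, pkt.dst, None, None)
        owner = self.state.get(key)
        if owner and owner[0] != pkt.src:
            return None
        self.state[key] = (pkt.src, None, now)
        return Packet(pkt.proto, OUTSIDE_IP, pkt.dst)

    def inbound(self, pkt: Packet, now: int) -> Optional[Packet]:
        """Untranslate a packet from outside; drop it unless matching state exists."""
        self.expire(now)
        if pkt.proto in (TCP, UDP):
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dport)
        else:
            key = (pkt.proto, pkt.src, None, None)
        entry = self.state.get(key)
        if entry is None:
            return None                   # unsolicited: no inbound rule, no state
        ip, port, _ = entry
        self.state[key] = (ip, port, now)
        return Packet(pkt.proto, pkt.src, ip, pkt.sport, port)

    def expire(self, now: int) -> None:
        self.state = {k: v for k, v in self.state.items() if now - v[2] < IDLE_TIMEOUT}


INSIDE_A, INSIDE_B, PEER = "10.0.0.10", "10.0.0.11", "198.51.100.7"   # constructed


def pptp_passes() -> bool:
    """PPTP: TCP 1723 control channel plus GRE; GRE state is keyed on the peer only."""
    nat = StatefulNat()
    nat.outbound(Packet(TCP, INSIDE_A, PEER, 40000, 1723), now=0)
    nat.outbound(Packet(GRE, INSIDE_A, PEER), now=0)
    ctl = nat.inbound(Packet(TCP, PEER, OUTSIDE_IP, 1723, 1024), now=1)
    gre = nat.inbound(Packet(GRE, PEER, OUTSIDE_IP), now=1)
    return ctl is not None and gre is not None and gre.dst == INSIDE_A


def raw_esp_two_hosts() -> tuple:
    """Two inside hosts to the same IPsec peer with plain ESP: the second is dropped."""
    nat = StatefulNat()
    first = nat.outbound(Packet(ESP, INSIDE_A, PEER), now=0)
    second = nat.outbound(Packet(ESP, INSIDE_B, PEER), now=0)
    return first is not None, second is not None


def nat_traversal_two_hosts() -> bool:
    """With NAT-T the ESP payload rides in UDP 4500, an ordinary port-tracked flow."""
    nat = StatefulNat()
    a = nat.outbound(Packet(UDP, INSIDE_A, PEER, 4500, 4500), now=0)
    b = nat.outbound(Packet(UDP, INSIDE_B, PEER, 4500, 4500), now=0)
    back_a = nat.inbound(Packet(UDP, PEER, OUTSIDE_IP, 4500, a.sport), now=1)
    back_b = nat.inbound(Packet(UDP, PEER, OUTSIDE_IP, 4500, b.sport), now=1)
    return back_a.dst == INSIDE_A and back_b.dst == INSIDE_B


def reply_admitted(keepalive_every: Optional[int], reply_at: int) -> bool:
    """Inside host opens the tunnel at t=0; without keep-alives the entry idles out."""
    nat = StatefulNat()
    nat.outbound(Packet(UDP, INSIDE_A, PEER, 4500, 4500), now=0)
    if keepalive_every:
        for t in range(keepalive_every, reply_at, keepalive_every):
            nat.outbound(Packet(UDP, INSIDE_A, PEER, 4500, 4500), now=t)
    return nat.inbound(Packet(UDP, PEER, OUTSIDE_IP, 4500, 1024), now=reply_at) is not None
```

Run `reply_admitted(None, 600)` against `reply_admitted(60, 600)` to see the keep-alive point: the same reply from the remote end is dropped once the entry has been idle past the timeout, and admitted when the inside endpoint has been refreshing it. The design choice worth noticing is that the "state" for GRE and ESP is nothing more than (protocol, peer address); it works for a single tunnel but gives the firewall nothing to demultiplex on, which is exactly the gap NAT-T's UDP encapsulation fills.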
