RE: Any Firewalls work well with PPPoE?

["Whitlock, Teresa" <Teresa.Whitlock () dionex com>]

Peter,

With PPPoE either the user can't connect at all or they can connect and ping
anyone inside the firewall, but they cannot use any applications.  Either
they hang the system or they simply do not run.  If the user tries dialup
with the tunnel it works just fine.  My understanding is that it can be
caused by a problem with MTU sizes, but changing that doesn't always work.

I'm not sure what Nexland does that is different, but as I said, we have had
some luck using their devices on the client end.

Since it seems like PPPoE is likely to stay around, I would like to find a
solution that doesn't take a lot of configuration on the client end (my
remote users have a wide range of computer skills and some of them simply
are not capable of complex setups).

-----Original Message-----
From: Peter Crocker [mailto:pcrocker () netscreen com] 
Sent: Saturday, June 16, 2001 1:46 AM
To: 'Whitlock, Teresa'
Subject: RE: [fw-wiz] Any Firewalls work well with PPPoE?


Teresa,

What do you mean it doesn't work so well? What are the symptoms when using
PPPoE?

Regarding PPPoE, it looks like it going to be around for a while. It's very
popular for DSL use, and it's generic enough that I can see it being used
many times when a new Internet access technology comes along, such as
wireless, etc. It's purpose is to provide authentication, and to send
network settings information down to the client such as IP address and DNS
server. It's essentially the same concepts as PPP over dialup, but they
needed to be able to do this from devices (PCs and firewalls) behind the box
that actually has the DSL like connecting to it.

The DSL provider should be recommending PPPoE software for Windows (and
possibly other operating systems), and if you're having issues, that should
be the place to start. I don't think a VPN client on Windows should care
whether it's PPPoE or ISDN or Ethernet too much, but it certainly could be
possible. It depends on what kinds of problems you see.

For example, our NetScreen Remote VPN software client doesn't know or care
that PPPoE is being used. It just sees another network interface. However,
our NetScreen-5 hardware firewall and VPN gateway box must support PPPoE in
it, since it's separating the DSL from all the users behind it. 

Regards,
Peter

-----Original Message-----
From: Whitlock, Teresa [mailto:Teresa.Whitlock () dionex com]
Sent: Friday, June 15, 2001 2:02 PM
To: 'firewall-wizards () nfr com'
Subject: [fw-wiz] Any Firewalls work well with PPPoE?


We are currently using Raptor with people coming in via VPN using the
RaptorMobile client.  Unfortunately, we are having some major issues with
several remote users located in various areas across the country due to the
problems with DSL with PPPoE.

We've tried changing the MTU size, having them change routers, switching
settings on the Firewall and client end.  Dialup works fine, but DSL doesn't
work so well.  Most of the time we give up and have them switch service
providers to one that does not use PPPoE.  We've had some success lately
with Nexland routers on the client end, but the process is still difficult.

I have a couple of questions.  First, are there any of the major players
that have a good solution for this kind of situation?  I wouldn't be opposed
to switching products if we could actually find one that worked well.

Second, could someone explain to me a bit about what PPPoE actually is and
whether it is likely to stick around to become a bigger pain?  I've read the
bits I can find, but I'd like more.

Teresa



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards