Security Basics mailing list archives

RE: VPN Question


From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 25 Aug 2003 09:40:01 -0700

  The usual issue is that the firewall the client is behind is
doing NAT (Network Address Translation) and the encapsulation
by the VPN software includes an encrypted copy of the client's
IP address.  At the VPN server (in your case, the SonicWall),
the "envelope" source IP address had been altered by the NAT,
and doesn't match what's inside the encrypted packet -- so the
server rejects it.

  Many VPN implementations include a "use UDP" mode that 
sidesteps this issue.  I don't see any mention of this on 
SonicWall's Pro230 site, though, so I suspect it might not.
(It might appear as a configuration option on the client
software....)

David Gillett


-----Original Message-----
From: Jim Brezicky [mailto:brezicky () infimed com]

Good afternoon all,

This posting is a little off track, but I'm hoping someone can
help me anyway.

I have a SonicWall Pro230 and I'm trying to do VPN with it. My
users connect from some locations and not others. Example: They
could connect from the Airport in Cincinnati, but not the airport
in Las Vegas. Seems they can't connect in many (if any hotels).
In speaking with SonicWall they said this is a known issue when
connecting through a firewall on the hotel side.

I know I'm not the first company to try this, and was wondering
how others get by this issue? Or is this an inherent SonicWall
issue.

Most of my users are traveling Sales people, and will go all
around the US, and Japan.

Any insight would be GREATLY appreciated.

Thanks,
Jim Brezicky
InfiMed Inc
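
The mismatch described in David Gillett's reply above, as a simplified model added to this archive page (not code from the thread, and not SonicWall's or any real VPN's wire format). The packet layout, key and addresses are constructed, an HMAC stands in for the encryption, and the "use UDP" behaviour is an assumption: the server still verifies the protected part but no longer compares it with the envelope address.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key; stands in for whatever the tunnel endpoints negotiated.
KEY = b"constructed-demo-key"


def client_encapsulate(client_ip: str, payload: bytes) -> dict:
    """Toy tunnel packet: an 'envelope' source address plus a protected
    inner part that carries its own copy of the client's address."""
    inner = ipaddress.ip_address(client_ip).packed + payload
    tag = hmac.new(KEY, inner, hashlib.sha256).digest()
    return {"outer_src": client_ip, "inner": inner, "tag": tag}


def nat_rewrite(packet: dict, public_ip: str) -> dict:
    """A NAT device rewrites only the envelope source address; it has no
    key, so the protected inner copy stays as the client wrote it."""
    return {**packet, "outer_src": public_ip}


def server_accept(packet: dict, udp_mode: bool = False) -> bool:
    """Return True if the server side of the toy tunnel accepts the packet."""
    expected = hmac.new(KEY, packet["inner"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, packet["tag"]):
        return False  # modified or wrongly keyed: rejected in every mode
    if udp_mode:
        # Assumed "use UDP" behaviour: the envelope address is not compared.
        return True
    inner_ip = str(ipaddress.ip_address(packet["inner"][:4]))
    return inner_ip == packet["outer_src"]


if __name__ == "__main__":
    pkt = client_encapsulate("192.168.1.50", b"hello")   # constructed private address
    natted = nat_rewrite(pkt, "203.0.113.7")             # constructed public address
    print("direct, no NAT      :", server_accept(pkt))
    print("behind NAT          :", server_accept(natted))
    print("behind NAT, UDP mode:", server_accept(natted, udp_mode=True))
```

The integrity check still runs in the UDP-mode branch, so a packet whose protected part was altered in transit is rejected there too.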



