Firewall Wizards mailing list archives
RE: AltaVista Tunnel
From: Linwood Ferguson <ferguson () uvii mag aramark com>
Date: Wed, 15 Oct 1997 09:51:59 EST
I'm getting ready to implement a VPN and one of the products being evaluated is AltaVista Tunnel 97. We need to pass traffic to both UNIX boxes and PCs over the Tunnel. I can't seem to do NetBEUI sessions over the Tunnel product. The vendor claims that it's because our fwtk-based firewall won't pass UDP traffic, but the Tunnel documentation says that every packet is encrypted and encapsulated in a TCP packet before passing thru the firewall. Therefore, I don't think I believe them. I suspect the cause might be that NetBEUI is unroutable and can't be routed thru the Tunnel server.
Microsoft's PPTP _can_ do NetBEUI sessions over the tunnel, but I'd really rather not use it for reasons that don't need to be argued here. If my above stated suspicion is correct, then I don't know how M$ routes NetBEUI traffic thru their tunnel (and probably don't want to know). Does anybody have any ideas on AltaVista Tunnel? Am I right or wrong?
NetBEUI is not routable, but once encapsulated in a TCP (or GRE for PPTP) packet, it can go anywhere IP can. The receiving system unpacks it and forwards it on the wire as though it originated locally, in a sense like a bridge. I don't know Altavista Tunnel, but if it is encapsulating it, I would not expect the firewall's lack of UDP to be an issue. In fact, I would not expect the firewall to even know what was packaged inside.

As a suggestion, I had good luck with MS's PPTP by first testing it locally inside the firewall. I could then put a sniffer and see exactly what traffic types and ports were in use. You might try that with Altavista, and then could know if they are right or not.

It's worth noting that MS PPTP can't go through a firewall without being able to pass GRE (protocol 47) packets; that's not UDP, but is closer to UDP than TCP, and if memory serves the TIS TK can't do that either (though I haven't any way at the moment to check). But in that case (with MS PPTP) it would fail to pass any tunneled traffic, not just NetBEUI.

- Linwood

-----------------------------------------------------------------------
Linwood Ferguson
e-mail: ferguson () mag aramark com
Director, Software Engineering
Voice: (US) 540/967-0087
ARAMARK Mag & Book Services
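An added illustration of the sniffer check suggested in the message above (not part of the original post): it tallies raw IPv4 packets by IP protocol and destination port and lists what a firewall that passes only TCP would drop. The packets, addresses and port numbers are constructed sample values, and the function names are hypothetical.

```python
import struct
from collections import Counter

# IP protocol numbers relevant to the thread: TCP, UDP, and GRE (47, used by PPTP)
PROTO_NAMES = {6: "TCP", 17: "UDP", 47: "GRE"}

def classify(packet: bytes):
    """Return (protocol name, destination port or None) for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                     # protocol field of the IPv4 header
    name = PROTO_NAMES.get(proto, f"proto-{proto}")
    port = None
    if proto in (6, 17) and len(packet) >= ihl + 4:
        # TCP and UDP both carry the destination port at offset 2 of their header
        port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return name, port

def summarize(packets):
    """Count packets per (protocol, destination port)."""
    return Counter(classify(p) for p in packets)

def blocked_by_tcp_only(summary):
    """Traffic types a firewall that passes only TCP would not carry."""
    return sorted((k for k in summary if k[0] != "TCP"),
                  key=lambda k: (k[0], k[1] or 0))

def _ipv4(proto, payload):
    # Constructed sample packet: minimal 20-byte header, checksum left at 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload

# Constructed capture: two TCP segments to placeholder port 5000,
# one UDP datagram to port 137, and one GRE packet.
SAMPLE = [
    _ipv4(6, struct.pack("!HH", 40000, 5000) + b"\x00" * 16),
    _ipv4(6, struct.pack("!HH", 40000, 5000) + b"\x00" * 16),
    _ipv4(17, struct.pack("!HHHH", 40001, 137, 8, 0)),
    _ipv4(47, b"\x00" * 8),
]

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for (name, port), count in sorted(summary.items(), key=str):
        print(f"{name:5} dst port {port}: {count} packet(s)")
    print("Dropped by a TCP-only firewall:", blocked_by_tcp_only(summary))
```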