Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: AltaVista Tunnel

From: "Bruce B. Platt" <bbp () comport com>
Date: Wed, 15 Oct 1997 14:22:10 -0400
At 04:09 PM 10/14/97 -0500, Eric Dykema wrote:

I'm getting ready to implement a VPN and one of the products being
evaluated is AltaVista Tunnel 97.  We need to pass traffic to both UNIX
boxes and PCs over the Tunnel.  I can't seem to do NetBEUI sessions over
the Tunnel product.  The vendor claims that it's because our fwtk-based
firewall won't pass UDP traffic, but the Tunnel documentation says that
every packet is encrypted and encapsulated in a TCP packet before
passing thru the firewall.  Therefore, I don't think I believe them.  I
suspect the cause might be that NetBEUI is unroutable and can't be
routed thru the Tunnel server.



We regularly mount NT-server based file shares across an AltaVista Tunnel.

We've used both the Unix and NT based versions of the AltaVista Firewall,
only required 
addition to the FW is a generic proxy for port 6666.

I am certainly NOT an expert on the fwtk based FW, but I am pretty certain
that the AltaVista
FWs are only passing TCP packets through the generic proxy.

What kind of problems are you having?  Is it a name to IP resolution issue?
We simplify things
by having LMHOSTS entries like:

192.168.5.5     inside.hq.comport.com

and then just use map disk drive commands from Explorer using syntax like
\\inside\diskd.

Works like a champ.  

I am assuming that you can ftp, web-browse, or other TCP stuff through fwtk
based FW over your tunnel,since you only mention you can't do NetBEUI.
 
If you can't do that, then look at your routing.  Most of the tunnel issues
I've seen are due to routes
being set up wrong.  

Regards,

Bruce







Microsoft's PPTP _can_ do NetBEUI sessions over the tunnel, but I'd
really rather not use it for reasons that don't need to be argued here.
If my above stated suspicion is correct, then I don't know how M$ routes
NetBEUI traffic thru their tunnel (and probably don't want to know).
Does anybody have any ideas on AltaVista Tunnel?  Am I right or wrong?
--------------------------------------------------
Eric Dykema
email: Eric_Dykema () sdsi com
Network Administrator
SDS, Inc.
Oak Brook, IL  USA
630 368 0400 (voice)
630 990 8584 (fax)
--------------------------------------------------




+-----------------------------------------------------+
Bruce B. Platt, Ph.D. Vice-President
Comport Consulting Corporation
78 Orchard Street
Ramsey, NJ 07446
Phone: 201-236-0505  Fax: 201-236-1335
bbp () comport com
Previous By Date Next
Previous By Thread Next

Current thread: