RE: VPN through DSL

["R. DuFresne" <dufresne () sysinfo com>]

On Wed, 13 Mar 2002, Peter Lukas wrote:

> True, and yet some DSL providers assign a /30 subnet to a user's
> connection. Large-scale providers, on the other hand, are more
> conservative in their IP handouts and assign a single address to the DSL
> router and have the user NAT through that.
>
> It's also possible the techies at her company tested their VPN solution
> on only dialup scenarios. Since most dialup sessions are assigned a
> routable IP locally, their VPN solution would work.
>
> I don't recall if the original post contained that information or not.

Agreed, yet, as I stated, I find it kind of strange the techies at her
company are not supplying the SW <software> for the vpn connection and
rather letting her obtain such from her ISP or whatever.  It's more often
the fact a company comes up with a solution surroudning specific SW, let
alone HW configurations, ayone chosing to go another route would find
themselve unsupported, same for many ISP', of which there are quite a
number that only support M$ as an OS via which to connect to them with,
though ISP' tending to be this OS specific in support requirements is sure
dwindling, it is not uncommon to find that a linux/unix/*bsd OS to be
unsupported by the ISP' staff.  If the compnay is offering a VPN stradegy
they often have a sleect or set of select SW options they supprot and
recomend, often supplying the employee a disk of CD of such SW as well as
specific instructions on how to establish the connection.  

Her original post did mention that the SW she was using was supplied by
her ISP, so one certainly assumes her ISP supports VPN connections over
it's links.  Though it is her employers techies she needs to work closest
with to get the connection established as well to determine the problems
with this connectivity, assuming as I have her ISP supports the connection
due to their pointing her at the SW for it.  The employers techies should
be able to determine from their end, what they VPN applicanes logs are
showing and whether or not they can 'touch' her system from their end to
help determine where the problem is in this endeavor.  Being her employer
seems to require OTP for access/connectivity, and her ISP supplied her
with a client without this functionality turned on, this makes one wonder
if the SW she is using is complaint and compatable with the appliance her
employer has in place and their access/connectivity requirements.  All the
more reason for the employer to take this in hand with either supplying
the proper SW or at least recommending one or more SW packages they can
support and work with.

Thanks,

Ron DuFresne

> Peter
>
> On Wed, 13 Mar 2002, R. DuFresne wrote:
>
> > On Wed, 13 Mar 2002, Peter Lukas wrote:
> >
> > > Sounds like your VPN software runs on your client machine and your DSL
> > > router is running NAT. This will cause problems for most any VPN
> > > connection. It is also possible that your provider is blocking certain
> > > protocols required for VPN connections as Jeffrey points out.
> >
> > I tend to get the impression her issues might be more related to NAT
> > problems then issues with ehr provider as she states the VPN SW came from
> > the provider.  Yet, I find this kind of strange as most often one gets the
> > SW that the employer uses and knows from them for such connectivity.  I'm
> > surprised her techies at the company have not worked this our for her
> > there.  Sure makes it better for them to support a product they know then
> > to try and support all the products out here for such use.
> >
> >
> > Thanks,
> >
> > Ron DuFresne
> > --
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >         admin & senior security consultant:  sysinfo.com
> >                         http://sysinfo.com
> >
> > "Cutting the space budget really restores my faith in humanity.  It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation."
> >                 -- Johnny Hart
> >
> > testing, only testing, and damn good at it too!

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards