[ale] OT:VPN experts...

Matt Smith msmith at risklabs.com
Tue Jun 17 22:47:57 EDT 2003


I wouldn't call myself an expert, but I have dealt a good bit with tunneling
through a NAT, and more complex arrangements (load balancers, etc).

The deal with VPNs (IPSec) is that the source and destination of the tunnel
MUST be on port 500 (typically), so the router can't pick an ephemeral port
at random for the outside of the NAT of each tunnel... it HAS to use 500, so
when you have two sessions using that same port, it makes it a little harder
to keep up with.  I guess the newer router has the logic to handle mapping
the destinations of each tunnel back to the destination PCs on your LAN.
Although it obviously isn't doing a very good job.

I'd suggest you check to see if there are any firmware updates for the
routers, and check with the Nortel website - the VPN vendors want you to use
the product (even if your IT staff does not), so they often have
hardware-specific knowledge base articles that can offer some help.  While
they may simply tell you it won't work, at least you'll know to stop trying.
:)

Good luck!


--Matt


-----Original Message-----
From: miguel [mailto:miguelq at bellsouth.net]
To: ale at ale.org
Sent: Tuesday, June 17, 2003 8:26 PM
To: ale
Subject: [ale] OT:VPN experts...


hello

both my wife and I use nortel access client software to vpn to our
different workplaces.
although my RO318 netgear router supports ipsec passthrough only one of
us can connect at the same time. if we both try to connect at the same
time, one connection/tunnel won't disconnect, but gets trashed or
something like it.

so, i tried the linksys befsx41 (supports 2 vpn tunnels) router. tried
together a couple of times, sometimes it works and sometimes it does not.

I am beginning to understand VPN, but i don't understand if we both have
what i think separate tunnels...then what is the problem?

our IT network dudes don't give us the params for the company VPN
servers, so cannot config the linksys router....they say the software
should be enough.

any hints appreciated....

-miguel


_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
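
A simplified model of the port-500 problem described in the reply above, added here as an example and not part of the original thread: because the NAT cannot rewrite the IKE source port, it has to tell tunnels apart by some other field of the reply. The class, the three demultiplexing strategies, and all addresses and cookie values are constructed assumptions, not the behaviour of any particular router.

```python
# Simplified, constructed model: every VPN client insists on UDP source port
# 500 for IKE, so the NAT cannot tell tunnels apart by rewriting the port and
# must demultiplex replies on some other field.

class PortPreservingNat:
    def __init__(self, key_fields):
        self.key_fields = key_fields   # reply fields used to identify a tunnel
        self.table = {}                # key -> LAN host that owns the tunnel

    def _key(self, remote_ip, cookie):
        fields = {"remote_ip": remote_ip, "cookie": cookie}
        return tuple(fields[f] for f in self.key_fields)

    def outbound(self, lan_ip, remote_ip, cookie):
        """A LAN host sends IKE from port 500; the newest sender owns the key."""
        self.table[self._key(remote_ip, cookie)] = lan_ip

    def inbound(self, remote_ip, cookie):
        """A reply reaches WAN port 500; return the LAN host it is forwarded to."""
        return self.table.get(self._key(remote_ip, cookie))


def deliveries(key_fields, sessions):
    """sessions: (lan_ip, remote_ip, initiator_cookie). Where does each reply go?"""
    nat = PortPreservingNat(key_fields)
    for lan_ip, remote_ip, cookie in sessions:
        nat.outbound(lan_ip, remote_ip, cookie)
    return [nat.inbound(remote_ip, cookie) for _, remote_ip, cookie in sessions]


# Constructed sample data (documentation address ranges, made-up cookies).
TWO_EMPLOYERS = [("192.168.0.2", "198.51.100.10", "cookie-a"),
                 ("192.168.0.3", "203.0.113.20", "cookie-b")]
SAME_EMPLOYER = [("192.168.0.2", "198.51.100.10", "cookie-a"),
                 ("192.168.0.3", "198.51.100.10", "cookie-b")]

SINGLE_SESSION = ()                          # one passthrough slot for the whole LAN
BY_REMOTE_IP = ("remote_ip",)                # one tunnel per remote gateway
BY_IP_AND_COOKIE = ("remote_ip", "cookie")   # one tunnel per IKE exchange

if __name__ == "__main__":
    for name, keys in [("single", SINGLE_SESSION), ("by-ip", BY_REMOTE_IP),
                       ("ip+cookie", BY_IP_AND_COOKIE)]:
        print(name, deliveries(keys, TWO_EMPLOYERS), deliveries(keys, SAME_EMPLOYER))
```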

