Source Address
Davis, Peter
pdavis at altiga.com
Tue Dec 7 10:42:20 EST 1999
Eric,
This really depends on your VPN device. There are three possibilities. Some
products can do any of the 3 below.
1) VPN device does not perform NAT and does not assign IP addresses -
IP is that of remote user
2) VPN device assigns client addresses - IP is another IP address
(local) for that customer
3) VPN device performs NAT (either way) - IP is that of the VPN device
private interface
Best regards,
-pete
-----Original Message-----
From: Jeffery Eric Contr 95CS/TYBRIN
[mailto:Eric.Jeffery at edwards.af.mil]
Sent: Friday, December 03, 1999 4:53 PM
To: 'vpn at listserv.secnetgroup.com'
Subject: Source Address
Scenario:
VPN set up has External Router connected to a Firewall via
port 1 and a VPN
Device via port 2. The VPN Device is connected to the
Firewall as well, but
NOT to the Enterprise WAN. The Firewall is connected to an
Internal switch
and from there reaches the Enterprise WAN. A VPN user
located across the
country establishes a successful VPN connection with the VPN
Device. The
user then makes a SQL call to a server inside the
Enterprise. The External
Router will send the packet to the VPN Device.
Router-----------------------------------------------VPN
Device
| |
| |
| |
|--------Firewall---------------------------------------Internal Network
Question:
The VPN device will then forward the packet to the Firewall.
Is the source
address on this packet from the User across the country or
is it the source
address from the VPN Device. Assume all VPN traffic uses
IPSec.
Eric Jeffery, MCSE
Network Systems Analyst
****************************************************************
TO POST A MESSAGE on this list, send it to
vpn at listserv.secnetgroup.com
The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html
We are currently experiencing "unsubscribe" difficulties.
If you
wish to unsubscribe, please send a message containing the
single line
"unsubscribe vpn your-e-mail-address" to
owner-vpn at listserv.secnetgroup.com
****************************************************************
****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html
We are currently experiencing "unsubscribe" difficulties. If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com
****************************************************************
More information about the VPN
mailing list