Source Address

Davis, Peter pdavis at altiga.com
Tue Dec 7 10:42:20 EST 1999 

Eric,

This really depends on your VPN device. There are three possibilities. Some
products can do any of the 3 below.

1)	VPN device does not perform NAT and does not assign IP addresses -
IP is that of remote user
2)	VPN device assigns client addresses - IP is another IP address
(local) for that customer
3)	VPN device performs NAT (either way) - IP is that of the VPN device
private interface

Best regards,
-pete

		-----Original Message-----
		From:	Jeffery Eric Contr 95CS/TYBRIN
[mailto:Eric.Jeffery at edwards.af.mil]
		Sent:	Friday, December 03, 1999 4:53 PM
		To:	'vpn at listserv.secnetgroup.com'
		Subject:	Source Address

		Scenario:

		VPN set up has External Router connected to a Firewall via
port 1 and a VPN
		Device via port 2.  The VPN Device is connected to the
Firewall as well, but
		NOT to the Enterprise WAN.  The Firewall is connected to an
Internal switch
		and from there reaches the Enterprise WAN.  A VPN user
located across the
		country establishes a successful VPN connection with the VPN
Device.  The
		user then makes a SQL call to a server inside the
Enterprise.  The External
		Router will send the packet to the VPN Device.  

		Router-----------------------------------------------VPN
Device
						|	|	
						|	|
						|	|	
			
	
|--------Firewall---------------------------------------Internal Network
		Question:

		The VPN device will then forward the packet to the Firewall.
Is the source
		address on this packet from the User across the country or
is it the source
		address from the VPN Device.  Assume all VPN traffic uses
IPSec.

		Eric Jeffery, MCSE
		Network Systems Analyst


	
****************************************************************
		TO POST A MESSAGE on this list, send it to
vpn at listserv.secnetgroup.com

		The VPN FAQ (under construction) is available at
		http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html

		We are currently experiencing "unsubscribe" difficulties.
If you
		wish to unsubscribe, please send a message containing the
single line
		"unsubscribe vpn your-e-mail-address" to
owner-vpn at listserv.secnetgroup.com

	
****************************************************************

****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com

The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html

We are currently experiencing "unsubscribe" difficulties.  If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com

****************************************************************

More information about the VPN mailing list