I think I'm screwed...

Jose Muniz Munix-1 at PACBELL.NET
Mon Jan 24 19:06:26 EST 2000


Hello Thomas,
Well, it seems that there is a 'Device' doing NAT in between the hosts
that need to talk IPSec with each other; Gauntlet VPN is IPSec based.
OK, going back to the issue: there can't be NAT in between two devices
that communicate via the IPSec protocol, it just won't work.
If this is not the case ("NO NAT IN BETWEEN"), then you just solve your
problems by creating a filter on the "Unknown Firewall" to allow
IKE [Internet Key Exchange], which uses UDP port 500, and I imagine
that you want to use ESP in tunnel mode, so you will also need to open
protocol 50 on the same unknown device, and make sure that you can route
traffic from right to left, and left to right  :]

Jose Muniz.


"Thomas J. Arseneault" wrote:
>
> But I figured I'll ask the lists. I have a client who needs a VPN between
> his remote site and his main site. Both sites use Gauntlet firewalls and I
> have been able to get a VPN going between two Gauntlet sites before. The
> problem is this: The remote site firewall sits behind a firewall for the
> whole building. I don't know the make/model of the building firewall. This
> building firewall NATs so that I don't see the correct address coming from
> the client's firewall (I see the building's firewall). Does anyone have a
> possible config that could work in this setup?
>
> Main Site___________Main Site_____Internet_____Building______Client________Client
> Host                Firewall                   Firewall      Firewall      Host
>
> Thanks,
>
> **********************************************
> Tom Arseneault
> System Admin.
> Gnac Inc.
> arsen at gnac.com
> **********************************************
>
> VPN is sponsored by SecurityFocus.COM
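
An added example, not part of either poster's message: a Python check over a constructed packet summary taken at the main-site firewall, reporting whether IKE (UDP 500) and ESP (protocol 50) are seen in both directions and whether the peer address differs from the one the client firewall is configured with, which is the symptom described in the original question. All addresses and the record layout are assumptions made for the example.

```python
import ipaddress

# Constructed sample data; all addresses are documentation ranges, not from the thread.
MAIN_FW = "198.51.100.10"      # main-site firewall, where the capture is taken
CLIENT_FW = "192.0.2.20"       # address the client firewall is configured with
BUILDING_FW = "203.0.113.5"    # building firewall's public address

# (direction, src, dst, ip_protocol, udp_dst_port) as seen on MAIN_FW's outside interface
NATTED_PATH = [
    ("in",  BUILDING_FW, MAIN_FW, 17, 500),   # IKE arrives, but from the building firewall
    ("out", MAIN_FW, BUILDING_FW, 17, 500),
    ("in",  BUILDING_FW, MAIN_FW, 6, 443),    # unrelated traffic, ignored
]
CLEAN_PATH = [
    ("in",  CLIENT_FW, MAIN_FW, 17, 500),
    ("out", MAIN_FW, CLIENT_FW, 17, 500),
    ("in",  CLIENT_FW, MAIN_FW, 50, None),
    ("out", MAIN_FW, CLIENT_FW, 50, None),
]

def check_ipsec_path(packets, expected_peer):
    """Summarise IKE/ESP reachability and whether the peer address was rewritten."""
    expected = ipaddress.ip_address(expected_peer)
    seen = {"ike_in": False, "ike_out": False, "esp_in": False, "esp_out": False}
    unexpected_peers = set()
    for direction, src, dst, proto, dport in packets:
        if proto == 17 and dport == 500:
            kind = "ike"          # IKE: UDP port 500
        elif proto == 50:
            kind = "esp"          # ESP: IP protocol 50
        else:
            continue
        seen[f"{kind}_{direction}"] = True
        remote = ipaddress.ip_address(src if direction == "in" else dst)
        if remote != expected:
            unexpected_peers.add(str(remote))
    missing = sorted(k for k, ok in seen.items() if not ok)
    return {"missing": missing, "nat_suspected": bool(unexpected_peers),
            "unexpected_peers": sorted(unexpected_peers)}

if __name__ == "__main__":
    for name, pkts in (("natted", NATTED_PATH), ("clean", CLEAN_PATH)):
        print(name, check_ipsec_path(pkts, CLIENT_FW))
```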
