Altiga client behind PAT device

Michael Medwid Michael.Medwid at ARIBA.COM
Tue May 23 18:17:35 EDT 2000


I have the Altiga behind a PIX which is NATting to a secure DMZ.
For PPTP I have GRE and port 1723 opened.  For IPsec you need UDP
500 and protocols 50 and 51.  I will be testing IPsec in the next
week.  I know that Altiga's IPsec over UDP works when a client is
behind a NAT.  What remains to be seen is if their IPsec over UDP
works when both the client is behind a NAT and the Altiga Concentrator
is behind a NAT.  Or if the client is not natted but the concentrator
is.  Then there's the PAT variant of all this.  I'll let y'all know
what I find if someone else doesn't answer this sooner.

-Michael


-----Original Message-----
From: Christopher_St_Clair at MAIL.BANKONE.COM
[mailto:Christopher_St_Clair at MAIL.BANKONE.COM]
Sent: Tuesday, May 23, 2000 1:37 PM
To: VPN at SECURITYFOCUS.COM
Subject: Altiga client behind PAT device


A while back someone mentioned the new Altiga 2.2 client working
behind a NAT/PAT device. We have the new client, but I'm wondering
if anyone has any direct experience making this work relative to what
ports need to be opened on the NAT/PAT device to allow for the
communication.

The Altiga documentation mentions UDP 500 and some high ports in the 40000
range. I've been attempting to get this to work behind a Linux firewall
using ipfwadm.

Any tips, pointers, advice would be great.

Thanks.

VPN is sponsored by SecurityFocus.COM
