Altiga client behind PAT device

Pete Davis pete at ETHER.NET
Tue May 23 20:33:10 EDT 2000


Where the Concentrator is located is unrelated to whether or not this will
work. You will need to do ADDRESS NAT (1:1) and not Inbound PAT for your
Concentrator. The main purpose of the feature is for the client to be behind
a PAT device; this works fine.

Regards,
-pete

On Tue, May 23, 2000 at 03:17:35PM -0700, Michael Medwid wrote:
> I have the Altiga behind a PIX which is NATting to a secure DMZ.
> For PPTP I have GRE and port 1723 opened.  For IPsec you need UDP
> 500 and protocols 50 and 51.  I will be testing IPsec in the next
> week.  I know that Altiga's IPsec over UDP works when a client is
> behind a NAT.  What remains to be seen is if their IPsec over UDP
> works when both the client is behind a NAT and the Altiga Concentrator
> is behind a NAT.  Or if the client is not natted but the concentrator
> is.  Then there's the PAT variant of all this.  I'll let y'all know
> what I find if someone else doesn't answer this sooner.
>
> -Michael
>
>
> -----Original Message-----
> From: Christopher_St_Clair at MAIL.BANKONE.COM
> [mailto:Christopher_St_Clair at MAIL.BANKONE.COM]
> Sent: Tuesday, May 23, 2000 1:37 PM
> To: VPN at SECURITYFOCUS.COM
> Subject: Altiga client behind PAT device
>
>
> A while back someone mentioned the new Altiga 2.2 client working
> behind a NAT/PAT device. We have the new client, but I'm wondering
> if anyone has any direct experience making this work relative to what
> ports need to be opened on the NAT/PAT device to allow for the
> communication.
>
> The Altiga documentation mentions UDP 500 and some high ports in 40000
> range. I've been attempting to get this to work behind a Linux firewall
> using ipfwadm.
>
> Any tips, pointers, advice would be great.
>
> Thanks.
>
> VPN is sponsored by SecurityFocus.COM

---
     Pete Davis - Product Manager <psd at cisco.com>  (508) 541-7300 x6154
   Cisco Systems, Inc.  - 124 Grove Street Suite 205   Franklin, MA 02038
