Altiga client behind PAT device

[Rob Pagano]

Use the Altiga 2.1.3 client and use its IPSec over UDP option. Then you can do whatever you want to that UDP packet (NAT, PAT, etc)...

You have to have 2.1.3 code on the concentrator as well...

---
+------------+
| Rob Pagano |
+------------+

On Tue, 23 May 2000 15:17:35   Michael Medwid wrote:
>I have the Altiga behind a PIX which is NATting to a secure DMZ.
>For PPTP I have GRE and port 1723 opened.  For IPsec you need UDP
>500 and protocols 50 and 51.  I will be testing IPsec in the next
>week.  I know that Altiga's IPsec over UDP works when a client is
>behind a NAT.  What remains to be seen is if their IPsec over UDP
>works when both the client is behind a NAT and the Altiga Concentrator
>is behind a NAT.  Or if the client is not natted but the concentrator
>is.  Then there's the PAT variant of all this.  I'll let y'all know
>what I find if someone else doesn't answer this sooner.
>
>-Michael
>
>
>-----Original Message-----
>From: Christopher_St_Clair at MAIL.BANKONE.COM
>[mailto:Christopher_St_Clair at MAIL.BANKONE.COM]
>Sent: Tuesday, May 23, 2000 1:37 PM
>To: VPN at SECURITYFOCUS.COM
>Subject: Altiga client behind PAT device
>
>
>A while back someone mentioned the new Altiga 2.2 client working
>behind a NAT/PAT device. We have the new client, but I'm wondering
>if anyone has any direct experience making this work relative to what
>ports need to be opened on the NAT/PAT device to allow for the
>communication.
>
>The Altiga documentation mentions UDP 500 and some high ports in 40000
>range. I've been attempting to get this to work behind a Linux firewall
>using
>ipfwadm.
>
>Any tips, pointers, advice would be great.
>
>Thanks.
>
>VPN is sponsored by SecurityFocus.COM
>
>VPN is sponsored by SecurityFocus.COM
>


--== Sent via Deja.com http://www.deja.com/ ==--
Before you buy.

VPN is sponsored by SecurityFocus.COM