Help
Matthew Harkrider
mhark at INSYNC.NET
Fri Mar 2 21:34:11 EST 2001
This seems to be the case with most cable providers. They simply seem to
be utilizing NAT in order to save routable IP's and as you mentioned, many
of the VPN applications don't work with NAT enabled.
Fortunately, if you have the technology and have access to the client, the
Cisco Concentrator Series does support NAT transparent IPSEC. Then again,
most home users would be using this client, at least not from my
experience. The best you could probably hope for is that your provider
will issue you a routable address.
MH
.................
On Fri, 2 Mar 2001, Kevin Prince wrote:
> I have Cable America broadband and although they do not block any ports,
> they actually assign RFC1918 (private addresses) to all subscribers. You
> have to pay additional $$$ /month if you want a static PUBLIC address. All
> of the addresses they give home users are 192.168.x.x adds. Although I have
> requested a public address so I can do IPSec, it has been over a month that
> I have been waiting. Apparently what they are doing is some kind of NAT/PAT
> from somewhere within their network out to the Internet. The SafeNet/IRE
> client doesn't support NAT/PAT so although no ports are blocked, an IPSec
> tunnel cannot be established. For the same reason I cannot establish an
> IPSec tunnel from my NetScreen 5 out to another NetScreen.
>
> Bottom line, port blocking may not be the only reason why an IPSec tunnel
> cannot be established.
>
> Kevin
>
> -----Original Message-----
> From: Yen Quy [mailto:yquy at ENNOVATENETWORKS.COM]
> Sent: Friday, March 02, 2001 8:39 AM
> To: VPN at SECURITYFOCUS.COM
> Subject: Re: Help
>
>
> Thanks, folks, for the all the helpful response so far. My ISP (Charter
> Communication in MA) vowed that they did not block any port, nor restrict
> Cable Modem usage.
> My VPN still does not work ;-(
> Yen
>
> -----Original Message-----
> From: VPN Mailing List [mailto:VPN at SECURITYFOCUS.COM]On Behalf Of Joseph
> S D Yao
> Sent: Thursday, March 01, 2001 8:58 AM
> To: VPN at SECURITYFOCUS.COM
> Subject: Re: Help
>
>
> On Wed, Feb 28, 2001 at 12:59:45PM -0700, Steve Goldhaber wrote:
> > I wouldn't think that your ISP is doing anything here. ...
>
> There are ISPs who recently have started blocking IPsec tunnels on home
> service. This is so that they can charge you for business service
> instead. Quy will need to check any recent announcements on the ISP's
> Web page.
>
> RoadRunner in our area has started doing this. ;-(
>
> --
> Joe Yao jsdy at cospo.osis.gov - Joseph S. D. Yao
> COSPO/OSIS Computer Support EMT-B
> -----------------------------------------------------------------------
> This message is not an official statement of COSPO policies.
>
> VPN is sponsored by SecurityFocus.COM
>
> VPN is sponsored by SecurityFocus.COM
>
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list