From jef at linuxbe.org Fri Feb 3 08:35:40 2006
From: jef at linuxbe.org (Jean-Francois Dive)
Date: Fri, 3 Feb 2006 14:35:40 +0100
Subject: [VPN] Re: Need help with two Linksys BEFVP41 routers.
In-Reply-To: <002201c61b6e$d7e68880$8d03a8c0@comtextelecom.com>
References: <76D4A18642EC5046B9C8980F895F4FBB01BBF8A4@ntmadison.nydomain.com> <002201c61b6e$d7e68880$8d03a8c0@comtextelecom.com>
Message-ID: <20060203133540.GA19961@www.beit.be>

How could you fix something on a network topo that you don't know? There are a lot of possible reasons why it could not work in what you're explaining. Need more data to process question ... bip.

J.

On Tue, Jan 17, 2006 at 08:03:48AM -0600, Ken Livingston wrote:
> I have searched and searched and I am not sure if I am able to do what I am
> trying to do.
>
> OK, let me explain a bit. I have established a tunnel between two BEFVP41
> routers through the internet. I want to route traffic through them for a
> couple of VoIP phones to a phone switch. The first issue is that the phone
> switch does not reside on the LAN side of either of the BEFVP41. It does
> reside on the network which is on the WAN side of one though. Here is the
> current network breakdown.
>
> Internet --> Cisco Pix Firewall --> Cisco 3810 (192.0.1.x/255.255.255.0) -->
> Cisco 3640 (192.168.1.x/255.255.255.0) --> Linksys BEFVP41 (192.168.2.x/255.255.255.0)
>
> The Cisco 3640 is the router through which my phone system is on the
> network. It has an IP address of 192.168.1.113. The other side of the VPN
> tunnel is just the internet connection to the Linksys. Also, I am not
> absolutely sure if the topology for the placement of the Pix Firewall is
> accurate. I did not set up this network and I really know nothing about
> Cisco stuff.
>
> Internet --> Linksys BEFVP41 (192.168.4.x/255.255.255.0) --> IP Phones
>
> I can establish the tunnel with no problems. I need to know if there is any
> configuration needed (or desired) on the Cisco routers and/or the Pix.
> Also, is there a way to establish a static route from the Linksys BEFVP41s
> through the tunnel on either end? So that I can route the IP traffic from
> the IP phones to the 192.168.1.113 IP address? Any help would be greatly
> appreciated!
>
> Ken
>
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn

--

-> Jean-Francois Dive
--> jef at linuxbe.org

I think that God in creating Man somewhat overestimated his ability.
-- Oscar Wilde

From AFalkovich at lnc.com Tue Feb 14 14:21:56 2006
From: AFalkovich at lnc.com (Falkovich, Alex)
Date: Tue, 14 Feb 2006 14:21:56 -0500
Subject: [VPN] Encryption domain in cisco vpn-3030
Message-ID: <05580D3210A34D4C957AF2E070986BB814253F@sbymeml016.us.ad.lfg.com>

We are configuring a VPN tunnel using a cisco vpn-3030 concentrator, where we are PATing 10.0.0.0/8 network and using static NAT for the 172.21.21.23 & .24 hosts. My question is what do we enter for the Local Network address when configuring the tunnel, the NATed addresses or the private addresses?

Thanks.

_ Alex

Notice of Confidentiality:
**This E-mail and any of its attachments may contain Lincoln National Corporation proprietary information, which is privileged, confidential, or subject to copyright belonging to the Lincoln National Corporation family of companies. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.
Thank You.**

From AFalkovich at lnc.com Tue Feb 14 16:19:12 2006
From: AFalkovich at lnc.com (Falkovich, Alex)
Date: Tue, 14 Feb 2006 16:19:12 -0500
Subject: [VPN] Re: Encryption domain in cisco vpn-3030
Message-ID: <05580D3210A34D4C957AF2E070986BB8142542@sbymeml016.us.ad.lfg.com>

Thanks. Do we also need to specify the 10. addresses in the encryption domain?

Thanks again.

-----Original Message-----
From: Dana J. Dawson [mailto:Dana.Dawson at qwest.com]
Sent: Tuesday, February 14, 2006 4:15 PM
To: Falkovich, Alex; vpn at lists.shmoo.com
Subject: Re: [VPN] Encryption domain in cisco vpn-3030

You need to specify the NATed address, since NAT happens before encryption for outgoing packets. This makes sense if you think about it, since you can't NAT something that's been encrypted.

Good luck!

Dana

---
Dana J. Dawson                     Dana.Dawson at qwest.com
Sr. Staff Engineer                 CCIE #1937
Qwest Communications               JNCIA-FWV
600 Stinson Blvd., Suite 1S
Minneapolis MN 55413-2620

On Tuesday, Feb 14 - 1:21:56 PM, at 1:21 PM, Falkovich, Alex wrote:

> We are configuring a VPN tunnel using a cisco vpn-3030 concentrator,
> where we are PATing 10.0.0.0/8 network and using static NAT for the
> 172.21.21.23 & .24 hosts. My question is what do we enter for the Local
> Network address when configuring the tunnel, the NATed addresses or the
> private addresses?
>
> Thanks.
>
> _ Alex

From Dana.Dawson at qwest.com Tue Feb 14 16:14:39 2006
From: Dana.Dawson at qwest.com (Dana J. Dawson)
Date: Tue, 14 Feb 2006 15:14:39 -0600
Subject: [VPN] Re: Encryption domain in cisco vpn-3030
In-Reply-To: <05580D3210A34D4C957AF2E070986BB814253F@sbymeml016.us.ad.lfg.com>
References: <05580D3210A34D4C957AF2E070986BB814253F@sbymeml016.us.ad.lfg.com>
Message-ID: <55CCA591-4D89-4B80-A54B-27BE6782F9AD@qwest.com>

You need to specify the NATed address, since NAT happens before encryption for outgoing packets. This makes sense if you think about it, since you can't NAT something that's been encrypted.

Good luck!

Dana

---
Dana J. Dawson                     Dana.Dawson at qwest.com
Sr. Staff Engineer                 CCIE #1937
Qwest Communications               JNCIA-FWV
600 Stinson Blvd., Suite 1S
Minneapolis MN 55413-2620

On Tuesday, Feb 14 - 1:21:56 PM, at 1:21 PM, Falkovich, Alex wrote:

> We are configuring a VPN tunnel using a cisco vpn-3030 concentrator,
> where we are PATing 10.0.0.0/8 network and using static NAT for the
> 172.21.21.23 & .24 hosts. My question is what do we enter for the Local
> Network address when configuring the tunnel, the NATed addresses or the
> private addresses?
>
> Thanks.
>
> _ Alex

From imagineering1 at gmail.com Mon Feb 27 22:40:06 2006
From: imagineering1 at gmail.com (Malcolm Sperry)
Date: Mon, 27 Feb 2006 19:40:06 -0800
Subject: [VPN] VPN; how do you know it's reliable?
Message-ID:

Could someone help me with this? I'm a writer working in the area of vote security and have been coming up with some out of the box solutions to the problem of the stolen vote. See www.howtorescueamerica.com for a couple of them.

About four years ago I began to notice some rather strange things associated with my internet connection. I operate wireless because I live on a boat that is anchored in a bay in the western part of the US. It is anchored only a mile or so away from a military complex.

I assumed from the beginning that what I do was being monitored and frankly, naively didn't mind. You see I thought government had an overriding interest and that it was reasonable for me to put up with such an intrusion for the sake of the security of this country.

The 'strange things' I noticed began the very day I went to post an email to various politico-literary websites asking if they would publish an article that was eventually published by centrexnews, an on-line experiment of the Washington Post. The article was called How To Save America and was very well received.

After that I began to post other rather "creative" solutions to the problems we're facing and just when I'd go to post them, my troubles with my internet connection would begin again. I mean disconnects, switching to other SSIDs and undelivered email.

I can only guess at the source of my troubles, but it seems unlikely anyone would tip their hand by interfering with someone exercising their first amendment rights in what must be a highly monitored area such as mine. Therefore, I've begun to suspect some government agency or overzealous individual within an agency of interfering with the normal process of democracy.

Is this what it all is going to come to? We give government latitude to monitor only to have significant communications interfered with. That is why I'm writing you today.

I'd like to get a VPN. I tried the big VPN service whose name I won't mention. It seemed OK, but for some reason decided to go with another service in Canada called Findnot. God, talk about a time. From the beginning, every time I'd get on with Findnot my connection would be knocked around. Finally I gave up trying and began to wonder why the same thing hadn't happened with the other service.

So, I guess my question is; can anyone recommend a VPN service that I can rely on, and maybe more important, how do you know if it is truly reliable?

Thanks/mac
I

From vnyelurkar at gmail.com Tue Feb 28 01:06:36 2006
From: vnyelurkar at gmail.com (Virendra Yelurkar)
Date: Tue, 28 Feb 2006 11:36:36 +0530
Subject: [VPN] Re: VPN; how do you know it's reliable?
In-Reply-To:
References:
Message-ID: <517de3280602272206t2f8bb9e2nd9003dbb56f0ad7b@mail.gmail.com>

Hello Malcolm,

It seems like you are really facing a very serious situation. I posit you to use Cisco's IPsec VPN for your moderate needs. It's cogent too.

On 2/28/06, Malcolm Sperry wrote:
> Could someone help me with this? I'm a writer working in the area of vote
> security and have been coming up with some out of the box solutions to the
> problem of the stolen vote. See www.howtorescueamerica.com for a couple of
> them.
>
> About four years ago I began to notice some rather strange things
> associated with my internet connection. I operate wireless because I live
> on a boat that is anchored in a bay in the western part of the US. It is
> anchored only a mile or so away from a military complex.
>
> I assumed from the beginning that what I do was being monitored and
> frankly, naively didn't mind. You see I thought government had an
> overriding interest and that it was reasonable for me to put up with such an
> intrusion for the sake of the security of this country.
>
> The 'strange things' I noticed began the very day I went to post an email
> to various politico-literary websites asking if they would publish an article
> that was eventually published by centrexnews, an on-line experiment of the
> Washington Post. The article was called How To Save America and was very
> well received.
>
> After that I began to post other rather "creative" solutions to the
> problems we're facing and just when I'd go to post them, my troubles with my
> internet connection would begin again. I mean disconnects, switching to
> other SSIDs and undelivered email.
>
> I can only guess at the source of my troubles, but it seems unlikely anyone
> would tip their hand by interfering with someone exercising their first
> amendment rights in what must be a highly monitored area such as mine.
> Therefore, I've begun to suspect some government agency or overzealous
> individual within an agency of interfering with the normal process of
> democracy.
>
> Is this what it all is going to come to? We give government latitude to
> monitor only to have significant communications interfered with. That is why
> I'm writing you today.
>
> I'd like to get a VPN. I tried the big VPN service whose name I won't
> mention. It seemed OK, but for some reason decided to go with another
> service in Canada called Findnot. God, talk about a time. From the
> beginning, every time I'd get on with Findnot my connection would be knocked
> around. Finally I gave up trying and began to wonder why the same thing
> hadn't happened with the other service.
>
> So, I guess my question is; can anyone recommend a VPN service that I can
> rely on, and maybe more important, how do you know if it is truly reliable?
>
> Thanks/mac
> I

--
-----------------------------------------------------------------------
Regards,
Virendra Yelurkar,
Project Engineer,
Nisg, C-DAC R&D, Pune.

"emotions provoke the desire but ........kills the performance!"
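
Added example (not part of the archived thread, and not Cisco's or any poster's code): a simplified model of the order of operations Dana Dawson describes in the "Encryption domain in cisco vpn-3030" thread above, where NAT runs on outgoing packets before the tunnel's Local Network list is consulted. The thread does not give the translated addresses, so the 198.51.100.x values are constructed placeholders, and all function and variable names are hypothetical.

```python
import ipaddress

# Constructed placeholders (assumptions): the thread names the private side
# (10.0.0.0/8 via PAT, 172.21.21.23 and .24 via static NAT) but not the
# translated addresses, so documentation-range addresses stand in for them.
STATIC_NAT = {"172.21.21.23": "198.51.100.23", "172.21.21.24": "198.51.100.24"}
PAT_NET = ipaddress.ip_network("10.0.0.0/8")
PAT_ADDR = "198.51.100.1"

# Two candidate "Local Network" lists for the tunnel definition.
LOCAL_PRIVATE = ["10.0.0.0/8", "172.21.21.23/32", "172.21.21.24/32"]
LOCAL_NATED = ["198.51.100.1/32", "198.51.100.23/32", "198.51.100.24/32"]
HOSTS = ["10.4.5.6", "172.21.21.23", "172.21.21.24"]  # constructed sample sources


def translate(src):
    """Outbound NAT step: static NAT entries win, then PAT for 10.0.0.0/8."""
    if src in STATIC_NAT:
        return STATIC_NAT[src]
    if ipaddress.ip_address(src) in PAT_NET:
        return PAT_ADDR
    return src


def tunnel_decision(src, local_networks):
    """NAT first, then match the translated source against the Local Network list."""
    post_nat = translate(src)
    addr = ipaddress.ip_address(post_nat)
    matched = any(addr in ipaddress.ip_network(net) for net in local_networks)
    return post_nat, "encrypt" if matched else "no-match"


def audit(local_networks, hosts=HOSTS):
    """Map each source host to (post-NAT address, decision)."""
    return {h: tunnel_decision(h, local_networks) for h in hosts}


if __name__ == "__main__":
    for name, nets in (("private", LOCAL_PRIVATE), ("NATed", LOCAL_NATED)):
        print(f"Local Network list = {name} addresses")
        for host, (post_nat, decision) in audit(nets).items():
            print(f"  {host:>14} -> {post_nat:<15} {decision}")
```

In this model every sample host misses the private-address list once it has been translated, which is the reason the reply gives for entering the NATed addresses.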