I have gotten both VPNs coexisting nicely with each other. I can now connect to my
desktop at work via VNC. It looks like I can now remove my Windows partition...YEA!
Now for my final issue. I have not been able to configure my Cisco VPN to allow me access
to my local LAN when the VPN is running. This is proving to be most inconvenient
because I do have a web server running that is accessible to the outside world.
Unfortunately the web server is unavailable when the VPN is activated. I am thinking that
if I add a second NIC to the box and configure it properly, I should be able to
have one card handle the web server traffic and the other card handle the VPN traffic.
Does this seem like a sane configuration? If so, can someone point me to documentation
that will explain how to accomplish this?
Well, my editor ate that one... Let's try this
On Tue, Dec 24, 2002 at 05:58:15PM -0500, Michael Long wrote:
mlong> it if anyone could give me some clues or at least some intelligent
mlong> questions to ask so that I might make this thing work. It is sometimes
mlong> necessary to "help" the help desk in order that they can help you.
"VPN" can mean many things... but usually it means a PPTP or IPsec
encrypted tunnel. IPsec uses port 500/udp for ISAKMP key exchange, and
IP Protocol number 50/51 for ESP/AH encryption/authentication (i.e., not
TCP or UDP).
IPsec wasn't designed to work with the hack that is NAT (Network Address
Translation, Internet Connection Sharing), so if you are sharing one
real IP address to multiple computers with a Linksys, you can run into
issues. Basically, vendors like Linksys have hacked around the IPsec
limitation to make it sort of work through the NAT. Make sure you have
turned on the "IPsec passthrough" features of your router (NOT IPsec/VPN
endpoint). You should also look for an upgrade to the Linksys firmware
to see if it addresses your issue... It is hit-or-miss oftentimes with
these SOHO routers. Good luck.
mlong> Part 2: I am planning to fire up a VPN connection to my employer on
mlong> Thursday for the first time. Are there any issues running 2 VPN
mlong> connections behind a firewall?
The IPsec through NAT hack I mentioned above usually only works with ONE
IPsec session at a time, so if both VPNs use IPsec, you may be out of
luck unless you take turns using the VPN software. On the other hand,
some vendors have figured out a way to allow multiple IPsec sessions to
work through NAT at once...
It could be that one or both VPNs are using a technology other than
IPsec, in which case, the issues are completely different. PPTP usually
works fine through NAT, for example. There are other protocols as well,
which may or may not work through NAT.
In addition, if they are using IPsec with a Nortel Networks Contivity
VPN switch on their end, it may have a feature called "NAT Traversal"
which wraps the entire IPsec flow in UDP packets (the administrator
chooses the port number, but Nortel recommends 10001/udp). If this is
the case, it might make sense to turn OFF any IPsec-passthrough features
of your router, so that the NAT Traversal kicks in.
Charles R. Anderson <cra(a)wpi.edu> / http://angus.ind.wpi.edu/~cra/
PGP Key ID: 49BB5886
Fingerprint: EBA3 A106 7C93 FA07 8E15 3AC2 C367 A0F9 49BB 5886
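As an added illustration of the port and protocol numbers in the reply above (example code, not from either poster), this script classifies constructed flow records by VPN mechanism and flags the case the reply warns about: more than one inside host pushing raw ESP/AH through the same NAT. The 10001/udp NAT Traversal port is assumed to be the one the site's administrator chose, and PPTP's TCP 1723 / GRE protocol 47 are known values that the thread itself does not state.

```python
# Added example, not from the thread. Protocol numbers from the reply above:
# ISAKMP 500/udp, ESP = IP proto 50, AH = IP proto 51, Nortel NAT Traversal
# = IPsec in UDP (10001/udp). PPTP (TCP 1723 + GRE proto 47) is a known value
# not stated in the thread. Flow records below are constructed sample data.
from collections import defaultdict

NAT_T_PORT = 10001  # site-specific; the Nortel administrator chooses it

# (inside_host, remote_peer, ip_protocol, dst_port or None)
SAMPLE_FLOWS = [
    ("192.168.1.10", "203.0.113.5", 17, 500),    # ISAKMP key exchange
    ("192.168.1.10", "203.0.113.5", 50, None),   # ESP, no port numbers
    ("192.168.1.20", "198.51.100.7", 17, 500),   # second host, ISAKMP
    ("192.168.1.20", "198.51.100.7", 50, None),  # second host, ESP
    ("192.168.1.30", "192.0.2.9", 17, NAT_T_PORT),  # IPsec wrapped in UDP
    ("192.168.1.40", "192.0.2.50", 6, 1723),     # PPTP control channel
    ("192.168.1.40", "192.0.2.50", 47, None),    # PPTP data (GRE)
    ("192.168.1.10", "192.0.2.80", 6, 80),       # ordinary web traffic
]


def classify(proto, dport):
    """Name the VPN mechanism a flow belongs to, or None for other traffic."""
    if proto == 50:
        return "ipsec-esp"
    if proto == 51:
        return "ipsec-ah"
    if proto == 17 and dport == 500:
        return "ipsec-isakmp"
    if proto == 17 and dport == NAT_T_PORT:
        return "ipsec-nat-t"
    if proto == 47 or (proto == 6 and dport == 1723):
        return "pptp"
    return None


def nat_ipsec_report(flows):
    """Group inside hosts by VPN mechanism and flag the one-session NAT limit."""
    hosts_by_kind = defaultdict(set)
    for host, _peer, proto, dport in flows:
        kind = classify(proto, dport)
        if kind:
            hosts_by_kind[kind].add(host)
    # Raw ESP/AH carry no ports, so a passthrough NAT usually cannot keep two
    # inside hosts apart; UDP-wrapped NAT-T and PPTP flows do not hit that limit.
    raw = hosts_by_kind.get("ipsec-esp", set()) | hosts_by_kind.get("ipsec-ah", set())
    return {
        "hosts_by_kind": {k: sorted(v) for k, v in hosts_by_kind.items()},
        "raw_ipsec_hosts": sorted(raw),
        "nat_collision_likely": len(raw) > 1,
    }
```

With real data, feed it tuples taken from your router's connection table or a packet capture on the outside interface; a "nat_collision_likely" result is the situation where only one IPsec client at a time will work unless NAT Traversal is in play.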
Wlug mailing list