I have gotten both VPNs coexisting nicely with each other. I can now connect to my desktop at work via VNC. It looks like I can now remove my Windows partition...YEA! Now for my final issue. I have not been able to configure my Cisco VPN to allow me access to my local LAN when the VPN is running. This is proving to be most inconvenient because I do have a web server running that is accessible to the outside world. Unfortunately the webserver is unavailable when the VPN is activated. I am thinking that if I add a second NIC card to the box and configure it properly, I should be able to have one card handle the webserver traffic and the other card handle the VPN traffic. Does this seem like a sane configuration? If so, can someone point me to documentation that will explain how to accomplish this? Thanks again, Mike
Well, my editor ate that one... Let's try this again.
On Tue, Dec 24, 2002 at 05:58:15PM -0500, Michael Long wrote:
mlong> it if anyone could give me some clues or at least some intelligent
mlong> questions to ask so that I might make this thing work. It is sometimes
mlong> necessary to "help" the help desk in order that they can help you. :)
"VPN" can mean many things... but usually it means a PPTP or IPsec encrypted tunnel. IPsec uses port 500/udp for ISAKMP key exchange, and IP Protocol number 50/51 for ESP/AH encryption/authentication (i.e., not TCP or UDP).
IPsec wasn't designed to work with the hack that is NAT (Network Address Translation, Internet Connection Sharing), so if you are sharing one real IP address to multiple computers with a Linksys, you can run into issues. Basically, vendors like Linksys have hacked around the IPsec limitation to make it sort of work through the NAT. Make sure you have turned on the "IPsec passthrough" features of your router (NOT IPsec/VPN endpoint). You should also look for an upgrade to the Linksys firmware to see if it addresses your issue... It is hit-or-miss oftentimes with these SOHO routers. Good luck.
mlong> Part 2: I am planning to fire up a vpn connection to my employer on
mlong> Thursday for the first time. Are there any issues running 2 vpn
mlong> connections behind a firewall.
The IPsec through NAT hack I mentioned above usually only works with ONE IPsec session at a time, so if both VPNs use IPsec, you may be out of luck unless you take turns using the VPN software. On the other hand, some vendors have figured out a way to allow multiple IPsec sessions to work through NAT at once...
It could be that one or both VPNs are using a technology other than IPsec, in which case, the issues are completely different. PPTP usually works fine through NAT, for example. There are other protocols as well, which may or may not work through NAT.
In addition, if they are using IPsec with a Nortel Networks Contivity VPN switch on their end, it may have a feature called "NAT Traversal" which wraps the entire IPsec flow in UDP packets (the administrator chooses the port number, but Nortel recommends 10001/udp). If this is the case, it might make sense to turn OFF any IPsec-passthrough features of your router, so that the NAT Traversal kicks in.
-- Charles R. Anderson <cra@wpi.edu> / http://angus.ind.wpi.edu/~cra/ PGP Key ID: 49BB5886 Fingerprint: EBA3 A106 7C93 FA07 8E15 3AC2 C367 A0F9 49BB 5886
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
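An added diagnostic example, not code from the thread or its participants: it labels tcpdump-style flows by the signatures Charles lists (ISAKMP on 500/udp, ESP and AH as IP protocols 50/51 rather than TCP/UDP, PPTP's control port plus its GRE carrier, and the whole-IPsec-flow-in-UDP NAT Traversal) and flags when more than one inside host runs native IPsec, the case a one-session-at-a-time passthrough cannot carry. The 10001/udp NAT Traversal port and the sample capture lines are constructed assumptions.

```python
import re

# Ports from the thread. 10001/udp is only Nortel's recommendation (assumed here).
ISAKMP_PORT, NAT_T_PORT, PPTP_PORT = 500, 10001, 1723
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))? > (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?: (.*)")

# Constructed tcpdump-style lines (not a real capture): two native IPsec hosts,
# one PPTP host, one host using UDP-encapsulated (NAT Traversal) IPsec.
SAMPLE = """\
IP 192.168.1.10.500 > 203.0.113.5.500: isakmp: phase 1 I ident
IP 192.168.1.10 > 203.0.113.5: ESP(spi=0x0a1b2c3d,seq=0x1)
IP 192.168.1.11 > 198.51.100.7: AH(spi=0x11223344,seq=0x1)
IP 192.168.1.12.1723 > 198.51.100.9.1723: Flags [S], seq 1, length 0
IP 192.168.1.12 > 198.51.100.9: GREv1, call 42, seq 1, length 60
IP 192.168.1.13.10001 > 203.0.113.20.10001: UDP, length 120
"""

def classify(line):
    """Return (src, dst, kind) for one 'IP src > dst: payload' line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    src, sport, dst, dport, payload = m.groups()
    ports = {int(p) for p in (sport, dport) if p}
    kind = "other"
    if payload.startswith("isakmp") or ISAKMP_PORT in ports:
        kind = "ipsec-ike"      # ISAKMP key exchange on 500/udp
    elif payload.startswith("ESP("):
        kind = "ipsec-esp"      # IP protocol 50, neither TCP nor UDP
    elif payload.startswith("AH("):
        kind = "ipsec-ah"       # IP protocol 51
    elif payload.startswith("GRE") or PPTP_PORT in ports:
        kind = "pptp"           # 1723/tcp control channel plus GRE carrier
    elif NAT_T_PORT in ports:
        kind = "ipsec-nat-t"    # whole IPsec flow wrapped in UDP (assumed port)
    return src, dst, kind

def analyze(text):
    """Group inside hosts by VPN type and flag the one-IPsec-session NAT limit."""
    hosts = {}
    for line in text.splitlines():
        parsed = classify(line)
        if parsed:
            hosts.setdefault(parsed[2], set()).add(parsed[0])
    native = sorted(set().union(*(hosts.get(k, set()) for k in ("ipsec-ike", "ipsec-esp", "ipsec-ah"))))
    return {"native_ipsec_hosts": native,
            "nat_traversal_hosts": sorted(hosts.get("ipsec-nat-t", set())),
            "pptp_hosts": sorted(hosts.get("pptp", set())),
            "passthrough_conflict": len(native) > 1}  # plain passthrough tracks one session
```

Run against a real capture, a `passthrough_conflict` of True is the situation where two native IPsec clients share one SOHO NAT and only one of them will work at a time.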
On Fri, Jan 03, 2003 at 07:54:12PM -0500, Michael Long wrote:
mlong> Now for my final issue. I have not been able to configure my cisco vpn
mlong> to allow me access to my local lan when the vpn is running.
mlong> This is proving to be most inconvenient because I do have a web server
mlong> running that is accessible to the outside world. Unfortunately the
mlong> webserver is unavailable when the vpn is activated. I am thinking that
mlong> if I add a second nic card to the box and configure it properly that I
mlong> should be able to have one card handle the webserver traffic and the
mlong> other card will handle the vpn traffic. Does this seem like a sane
mlong> configuration? If so can someone point me to documentation that will
mlong> explain how to accomplish this.
Maybe, maybe not. Most VPN software intentionally blocks access to other networks except those reachable through the VPN for security reasons. This is known as disabling "Split Tunneling". If you can re-enable Split Tunneling, you would be able to access your local network without going through the VPN. Unfortunately, it is usually a setting controlled on the VPN server, and enforced by the binary-only VPN client.
-- 
Charles R. Anderson <cra@wpi.edu> / http://angus.ind.wpi.edu/~cra/
PGP Key ID: 49BB5886 Fingerprint: EBA3 A106 7C93 FA07 8E15 3AC2 C367 A0F9 49BB 5886