Re: IPSEC Pass through Linux NAT

From: Matthew Schumacher <schu@schu.net>
Date: Thu Jun 03 2004 - 13:15:39 AKDT

Shortpier wrote:
> Question for anyone.
>
> I have a client with a Linux box used as a firewall/NAT/router. They are
> a medical clinic and need to bill a Corp in Anchorage over the
> internet. The corp gave them a CISCO IPSEC vpn client for windows.
> This must be usable on 90% of the workstations (XP, 2k, Win98). The
> software WILL NOT CONNECT.
>
>
> Any ideas? Suggestions? Anyone?
>
> I do not want to expose the workstations to the INET any more than I have
> to (NOTHING right now is directly routed from the net) as the patch
> support can be interesting (can you say ZOMBIE easy).
>
> Shortpier

If the people that gave you the client are willing to route traffic to
your local network through the IPSEC tunnel then you can put an IPSEC
gateway on the Linux host and set up the routing table to route traffic
to the tunnel. That way you only support one client, and new machines on
the network will have access.

While I'm not up on IPSEC beyond setting up my own IPSEC gateway, a quick
Google revealed:

IPSec NAT Transparency: The IPSec NAT Transparency feature introduces
support for IP Security (IPSec) traffic to travel through Network
Address Translation (NAT) or Port Address Translation (PAT) points in
the network by addressing many known incompatibilities between NAT and
IPSec. NAT Traversal is a feature that is auto detected by VPN devices.
There are no configuration steps for a router running Cisco IOS Software
Release 12.2(13)T or above. If both VPN devices are NAT-T capable, NAT
Traversal is auto detected and auto negotiated.

As long as both ends support NAT transparency it should work, given that
you are not blocking a needed UDP port in your firewall.

HTH,
schu

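The "needed UDP port" caveat above is where most NAT-T failures hide, so here is a small checker for it. This is an added example, not code from the original mailing-list post: it parses an iptables-save dump (the two constructed sample rule sets below, or whatever is piped on stdin) and simulates first-match evaluation of the FORWARD chain for the three flows a NAT-T capable IPsec client behind the NAT box needs: IKE on UDP 500, UDP-encapsulated ESP on UDP 4500, and raw ESP (IP protocol 50), which the peers still use when they detect no NAT in the path. The interface names eth1 (LAN) and eth0 (Internet) and the rule sets themselves are assumptions for illustration. Interfaces and addresses are ignored by the simulation, so a DROP verdict is reliable while an ACCEPT verdict may be optimistic.

```python
"""Check whether a Linux NAT box's FORWARD chain lets IPsec NAT-T through.

Added example, not code from the original mailing-list post. It parses an
iptables-save dump (the constructed samples below, or stdin) and simulates
first-match evaluation of the FORWARD chain for the three flows a NAT-T
capable IPsec client behind the box needs: IKE on UDP 500, NAT-T
encapsulated ESP on UDP 4500, and raw ESP (IP protocol 50). Interfaces and
addresses are ignored, so DROP verdicts are reliable and ACCEPT verdicts
may be optimistic.
"""
import shlex
import sys
from typing import Dict, List, Optional, Set, Tuple

REQUIRED_FLOWS: List[Tuple[str, str, Optional[int]]] = [
    ("IKE (UDP 500)", "udp", 500),
    ("NAT-T (UDP 4500)", "udp", 4500),
    ("ESP (IP protocol 50)", "esp", None),
]
PROTO_ALIASES = {"6": "tcp", "17": "udp", "50": "esp"}


def _ports(spec: str) -> Set[int]:
    """Expand '500', '500:4500' or '80,443' into a set of port numbers."""
    out: Set[int] = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def parse_chain(dump: str, chain: str = "FORWARD") -> Tuple[str, List[Dict]]:
    """Return (policy, rules) for one chain of an iptables-save dump."""
    policy = "ACCEPT"
    rules: List[Dict] = []
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith(f":{chain} "):
            policy = line.split()[1]            # e.g. ":FORWARD DROP [0:0]"
            continue
        if not line.startswith(f"-A {chain} "):
            continue
        toks = shlex.split(line)
        rule = {"proto": None, "dports": None, "target": None, "new": True}
        i = 2
        while i < len(toks):
            tok = toks[i]
            if tok in ("-p", "--protocol"):
                p = toks[i + 1].lower()
                rule["proto"] = PROTO_ALIASES.get(p, p)
            elif tok in ("--dport", "--destination-port",
                         "--dports", "--destination-ports"):
                rule["dports"] = _ports(toks[i + 1])
            elif tok in ("--state", "--ctstate"):
                # A rule limited to ESTABLISHED/RELATED never matches a new flow.
                rule["new"] = "NEW" in toks[i + 1].upper().split(",")
            elif tok in ("-j", "--jump"):
                rule["target"] = toks[i + 1]
            else:
                i += 1                          # -i/-o/-s/-d/-m etc. are skipped
                continue
            i += 2
        rules.append(rule)
    return policy, rules


def verdict(policy: str, rules: List[Dict], proto: str, dport: Optional[int]) -> str:
    """First terminating rule that matches decides; otherwise the chain policy."""
    for r in rules:
        if not r["new"] or r["proto"] not in (None, proto):
            continue
        if r["dports"] is not None and dport not in r["dports"]:
            continue
        if r["target"] in ("ACCEPT", "DROP", "REJECT"):
            return r["target"]
        # LOG, RETURN and jumps to user-defined chains are not followed here.
    return policy


def ipsec_passthrough_report(dump: str) -> Dict[str, str]:
    policy, rules = parse_chain(dump)
    return {label: verdict(policy, rules, proto, port)
            for label, proto, port in REQUIRED_FLOWS}


def blocked_flows(dump: str) -> List[str]:
    """Labels of required flows whose verdict is anything but ACCEPT."""
    return [k for k, v in ipsec_passthrough_report(dump).items() if v != "ACCEPT"]


# Constructed sample: a deny-by-default LAN firewall, eth1 = LAN, eth0 = Internet.
BEFORE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p udp --dport 53 -j ACCEPT
COMMIT
"""

# The same firewall with the two rules that let the VPN client out.
AFTER = BEFORE.replace("COMMIT", """\
-A FORWARD -i eth1 -o eth0 -p udp -m multiport --dports 500,4500 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p 50 -j ACCEPT
COMMIT""")

if __name__ == "__main__":
    dump = sys.stdin.read() if not sys.stdin.isatty() else BEFORE
    for label, result in ipsec_passthrough_report(dump).items():
        print(f"{label:24} {result}")
```

On the real box, run it as `iptables-save | python3 check_ipsec_fw.py` (the file name is whatever you save it under). Raw ESP has no port numbers, so a NAT box can only track it for one inside host at a time; NAT-T exists precisely to move ESP into UDP 4500, which is why the UDP 4500 rule matters more than the ESP one once NAT is in the path.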
Received on Thu Jun 3 13:12:23 2004

This archive was generated by hypermail 2.1.8 : Thu Jun 03 2004 - 13:12:23 AKDT