RE: [PCTECH] Re: Wireless AP with VPN

[vhamberg@xxxxxxxxxxx]

All I know is, the LinkSys VPN router we connected to from clients used NAT and 
also passed IPSEC - or something. I don't know what to say, except it worked 
fine.

Vern

-------------- Original message -------------- 

> >NAT & IPSEC can get along just fine. 
> 
> Really? I'm no expert, but can you explain how? 
> 
> As I understand it an IPSEC packet it encrypted at the client (my PC) 
> and sent to the server. Now, when it's encrypted at the client I have an 
> internal IP address (in my case 10.100.10.35 for example) and that IP 
> address, in some cases, is embedded in the packet that gets encrypted 
> (FTP being a prime example). Now, since the NAT proxy can't see inside 
> the encrypted packet it has no way of changing that address from the 
> internal one to the external one. I guess for some protocols this 
> wouldn't cause a problem, but for others it will. Even Cisco's write-up 
> on NAT-T says it doesn't solve the embedded ip problem. 
> 
> -Walden 
> 
> ------------ 
> Walden H Leverich III 
> President & CEO 
> Tech Software 
> (516) 627-3800 x11 
> WaldenL@xxxxxxxxxxxxxxx 
> http://www.TechSoftInc.com 
> 
> Quiquid latine dictum sit altum viditur. 
> (Whatever is said in Latin seems profound.) 
> 
> 
> 
> -----Original Message----- 
> From: pctech-bounces@xxxxxxxxxxxx [mailto:pctech-bounces@xxxxxxxxxxxx] 
> On Behalf Of Vernon Hamberg 
> Sent: Tuesday, 25 January, 2005 08:39 
> To: PC Technical Discussion for iSeries Users 
> Subject: Re: [PCTECH] Re: Wireless AP with VPN 
> 
> NAT & IPSEC can get along just fine. The LinkSys WRV54G can handle up to 
> 50 
> tunnels. It is wireless-G, so it's fairly fast. Also is a 4-port full 
> duplex 1/100 switch. At my previous job we used LinkSys' earlier BEFVP41 
> - 
> up to 70 tunnels. There are also the RV016 and RV082 - 50 tunnels, 16 & 
> 8 
> wired ports respectively. 
> 
> I don't think any of these use digital certificates for client access - 
> could be wrong, I did just a brief survey of the user guides. They use 
> preshared keys. Maybe this does not matter if going from device to 
> device. 
> 
> HTH 
> Vern 
> 
> At 12:37 AM 1/25/2005, you wrote: 
> >On Mon, 24 Jan 2005 15:10:55 -0700, michael@xxxxxxxxxxxxxxxxxx 
> > wrote: 
> > > IPSec...yeah...that's my problem. I was looking at the Linksys 
> BEFSX41 
> > > router, and thinking of connecting that to my current wireless AP, 
> but 
> > > I don't know if that would buy me anything. I guess I could go 
> > > wired...my house has the connectivity, just need to hook up the 
> patch 
> > > panel, but I'd really like to stay wireless if I could. 
> > 
> >Are there wired Cable/DSL routers that support multiple IPSec 
> >conversations at the same time. I gathered from Walden's comment that 
> >NAT and IPSec don't get along well. 
> > 
> >-- 
> >Tom Jedrzejewicz 
> >tomjedrz@xxxxxxxxx 
> >-- 
> >This is the PC Technical Discussion for iSeries Users (PcTech) mailing 
> list 
> >To post a message email: PcTech@xxxxxxxxxxxx 
> >To subscribe, unsubscribe, or change list options, 
> >visit: http://lists.midrange.com/mailman/listinfo/pctech 
> >or email: PcTech-request@xxxxxxxxxxxx 
> >Before posting, please take a moment to review the archives 
> >at http://archive.midrange.com/pctech. 
> 
> -- 
> This is the PC Technical Discussion for iSeries Users (PcTech) mailing 
> list 
> To post a message email: PcTech@xxxxxxxxxxxx 
> To subscribe, unsubscribe, or change list options, 
> visit: http://lists.midrange.com/mailman/listinfo/pctech 
> or email: PcTech-request@xxxxxxxxxxxx 
> Before posting, please take a moment to review the archives 
> at http://archive.midrange.com/pctech. 
> 
> -- 
> This is the PC Technical Discussion for iSeries Users (PcTech) mailing list 
> To post a message email: PcTech@xxxxxxxxxxxx 
> To subscribe, unsubscribe, or change list options, 
> visit: http://lists.midrange.com/mailman/listinfo/pctech 
> or email: PcTech-request@xxxxxxxxxxxx 
> Before posting, please take a moment to review the archives 
> at http://archive.midrange.com/pctech.