[SunHELP] my VPN

Austad, Jay sunhelp at sunhelp.org
Tue Mar 13 08:31:27 CST 2001


PPTP and L2TP do not work when the client is NAT'd (the server can be NAT'd,
but not the client), unless the firewall knows about the protocol and can
modify the contents of the GRE packets going out.  Cisco PIX firewalls are
not PPTP or L2TP aware (I've submitted it as an enhancement request several
times over the last couple of years).  AFAIK, Checkpoint does not work
either.  It's pretty much hit or miss depending on what type of firewall you
are using.

Apparently Cisco's PPTP VPN client will work from behind a NAT device
because they did something to it which breaks the spec, but makes it work.
However, it looks as though it only runs under MS Windows.

Jay



> -----Original Message-----
> From: Big Endian [mailto:bigendian at mac.com]
> Sent: Monday, March 12, 2001 6:25 PM
> To: sunhelp at sunhelp.org
> Subject: Re: [SunHELP] my VPN
> 
> 
> >looks like being behind the firewall at work and unable to get it reconfigured
> >means almost all VPN implementations are busted.  looks like i'll have to
> >resort to the ssh+ppp type solution.
> >
> >except the only thing i can find about it says i need Linux but i don't run
> >linux, i run Solaris.  hmmmm.  is there a way to pipe ip.tun over ssh?  or
> >to use ssh+ppp on Solaris?
> >
> >any pointers welcome, still haven't found anything yet myself.
> >
> >-brian
> >_______________________________________________
> >SunHELP maillist  -  SunHELP at sunhelp.org
> >http://www.sunhelp.org/mailman/listinfo/sunhelp
> 
> the other thing you might try is PPTP.  It's Microsoft, it's ugly, but 
> it DOES work with NAT and most firewalls.  Search google for PoPToP.
> 
> Daniel Mayfield
> 
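
Added example, not part of the original messages: a toy model of the per-call state a PPTP-aware NAT has to keep for the GRE data channel discussed in the reply above, using the enhanced GRE header layout from RFC 2637. The class and function names, IP addresses and Call IDs are constructed for illustration.

```python
import struct

PPTP_GRE_TYPE = 0x880B  # protocol type in PPTP's enhanced GRE header (RFC 2637)

def build_gre(call_id, payload, seq=None):
    """Build a constructed PPTP data packet (GRE header + PPP payload)."""
    flags = 0x2001 | (0x1000 if seq is not None else 0)  # K bit, version 1, optional S
    hdr = struct.pack("!HHHH", flags, PPTP_GRE_TYPE, len(payload), call_id)
    return hdr + (struct.pack("!I", seq) if seq is not None else b"") + payload

def parse_gre(pkt):
    """Parse the enhanced GRE header; there are no ports, only a 16-bit Call ID."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, plen, call_id = struct.unpack("!HHHH", pkt[:8])
    if proto != PPTP_GRE_TYPE or (flags & 0x0007) != 1 or not (flags & 0x2000):
        raise ValueError("not PPTP enhanced GRE")
    off = 8 + (4 if flags & 0x1000 else 0) + (4 if flags & 0x0080 else 0)  # seq, ack
    if len(pkt) < off + plen:
        raise ValueError("truncated GRE payload")
    return {"call_id": call_id, "payload": pkt[off:off + plen]}

class PptpAwareNat:
    """Toy model of the per-call state a PPTP-aware NAT keeps (hypothetical class)."""
    def __init__(self):
        self.calls = {}    # (server_ip, public_call_id) -> (client_ip, client_call_id)
        self.spare = 0x4000

    def learn(self, client_ip, server_ip, client_call_id):
        """Record the Call ID a client announced on its TCP/1723 control channel."""
        public_id = client_call_id
        while (server_ip, public_id) in self.calls:   # two clients picked the same ID
            public_id, self.spare = self.spare, self.spare + 1
        self.calls[(server_ip, public_id)] = (client_ip, client_call_id)
        return public_id   # the NAT must write this ID into the control message

    def inbound(self, server_ip, pkt):
        """Pick the inside client for a GRE packet from the server, or None."""
        hit = self.calls.get((server_ip, parse_gre(pkt)["call_id"]))
        if hit is None:
            return None    # no Call ID state: nothing identifies the inside host
        client_ip, client_call_id = hit
        return client_ip, pkt[:6] + struct.pack("!H", client_call_id) + pkt[8:]
```

A NAT that never calls `learn` has an empty table, so every inbound GRE packet falls through to the `None` branch.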


