RE: [FW1] L2TP tunneling through FW-1
As far as I understand, you're not able to NAT L2TP Win2k traffic at all, because it breaks IPSEC. The firewall will just see encapsulated traffic, so you'll just be able to allow IPSEC traffic to servers or not. You will not be able to filter on source/dest port as that info is not available until the packet is decrypted, which will happen behind the firewall at the Win2k server.

I suppose your alternatives are either not to NAT the traffic or forget Win2k security and use secure remote instead.

Darren

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: 02 October 2000 18:36
To: [email protected]
Subject: [FW1] L2TP tunneling through FW-1

Hi everyone,

One of our customers wants us to set up an L2TP tunnel through Firewall-1. The aim is to let external W2K clients connect to a W2K RAS-server in the DMZ using W2K encryption features (IPSEC encapsulated in L2TP).

I am not familiar with L2TP and would like to know if it is possible with and without NAT on FW-1. As far as I understand, FW-1 can't apply rules to these packets or perform NAT on them.

Does anyone have any experience with this?

TIA,

Tim De Boeck
System Engineer
Econocom Services

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================