Security Basics mailing list archives

Re: VPN Question


From: "Gabriel Orozco" <gabriel_orozco () mx sumida com>
Date: Fri, 22 Aug 2003 18:14:09 -0500

This is due to the kind of VPN you are using.

By design, IPSec does not allow either of the peers to be behind a NAT. There
are some ways to overcome the problem, but they work mostly when the NATed
end is known and you have a way to get around the problem.

Behind a NAT in a hotel, it will be a problem.

Why don't you try PPTP, or better, a box with OpenVPN running on Linux?
OpenVPN works using a high UDP port, and the good news is that they have ported
it to Win32 (currently WinXP, 2000, NT). This way, your "Road Warriors" will
be able to connect from nearly everywhere without problems.

And what about licenses? Here they cost 0.00 .. difficult to beat for one of
the best SSL/TLS based VPNs out there in the market, isn't it? ;-)

We had to trash a Sonicwall box in favor of a Linux box because we were
unable to route two big networks properly. They finally let me put in a Linux
solution and we have now gone more than six months without problems. This was
network to network, but I use OpenVPN myself, along with PPTP, and they work
everywhere.

http://www.openvpn.org

Best Regards
Gabriel

----- Original Message -----
From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
To: "Jim Brezicky" <brezicky () infimed com>;
<security-basics () securityfocus com>
Sent: Friday, August 22, 2003 3:31 PM
Subject: RE: VPN Question


Jim,

This is a hotel issue.  If it works in some and not in others, it means in
this case that the source is the problem.  Unless you have round robin VPN
IP addresses and your users do not know what the IPs are?  Which I highly
doubt and why would you want to do this?

Regards,

Greg DeGennaro Jr., CCNP
Security Analyst


-----Original Message-----
From: Jim Brezicky [mailto:brezicky () infimed com]
Sent: Friday, August 22, 2003 10:29 AM
To: security-basics () securityfocus com
Subject: VPN Question




Good afternoon all,

This posting is a little off track, but I'm hoping someone can help me
anyway.

I have a SonicWall Pro230 and I'm trying to do VPN with it. My users
connect from some locations and not others. Example: They could connect
from the airport in Cincinnati, but not the airport in Las Vegas. Seems
they can't connect in many (if any) hotels. In speaking with SonicWall
they said this is a known issue when connecting through a firewall on the
hotel side.

I know I'm not the first company to try this, and was wondering how others
get by this issue? Or is this an inherent SonicWall issue?

Most of my users are traveling Sales people, and will go all around the
US, and Japan.

Any insight would be GREATLY appreciated.

Thanks,

Jim Brezicky
InfiMed Inc

--------------------------------------------------------------------------
-
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
--------------------------------------------------------------------------
--