[Techtalk] networking/iptables/security course?

Bowen, Tricia tbowen at CapitalThinking.com
Tue Feb 18 12:34:48 EST 2003


Hi Kelly,
Thanks for the response. I'm trying to connect to different endpoints. It
looks like the NAT engine is having trouble connecting to the same UDP port.
Both VPNs are on port 500. I just don't know that much about networking to
find an end around... as yet! The ports are corporate network ports and
therefore I have virtually no way of changing either port.
--Tricia


-----Original Message-----
From: Kelly Martin [mailto:kmartin at pyrzqxgl.org]
Sent: Tuesday, February 18, 2003 10:57 AM
To: Bowen, Tricia
Cc: techtalk
Subject: Re: [Techtalk] networking/iptables/security course?


Bowen, Tricia wrote:
> 
> I would be interested in the Basic Networking/Basic Security ones. I've 
> got a wireless router at home right now that works fine. Wireless 
> connection on the laptop and ethernet on the desktop. I need to figure 
> out how to get VPN running on both the laptop and the desktop 
> concurrently, but haven't been able to structure my time to pay enough 
> attention to it. A course would help.

Getting VPNs to work through a NAT depends on the VPN configuration.  If 
the VPN uses AH-ESP (IP protocol 50) tunneling, and both VPN sessions 
are being established to the same endpoint, the NAT engine will not be 
able to tell which private address to send the session to.  (If 
different endpoints are used, the incoming ESP packets will have 
different sources and the NAT engine may or may not be able to 
distinguish them, depending on how it's implemented.  My g/f and I have 
not yet tested this with our respective corporate VPNs.)

On the other hand, tunneling based on TCP should generally work; 
tunneling based on UDP may or may not depending on session 
characteristics and the type of firewall.  Most VPNs these days are set 
up to run with AH/ESP tunneling, although more people are using TCP or 
UDP tunneling to deal with snarky ISPs that filter protocol 50 because 
"it's a business service".

This sort of knowledge would not be acquired in a basic or intermediate 
course in networking.  You have to have a pretty solid understanding of 
how NAT and VPNs work for this sort of problem.

Kelly
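The demultiplexing problem Kelly describes (and the UDP 500 collision Tricia reports) can be seen in a toy model of a NAT translation table. The following is an added illustration, not code from either poster: it models a NAT that rewrites TCP/UDP source ports (PAT), optionally one that preserves the source port, and an ESP path that can only key on the remote address because ESP carries no ports and its SPI is chosen by the remote peer. All addresses are constructed, and keying ESP replies on remote address alone is one possible NAT behaviour (the "may or may not" case in the message above).

```python
"""Toy NAT/PAT model showing why two inside hosts can share a port-rewriting
NAT for UDP/TCP tunnels, but not for ESP (IP proto 50) to the same endpoint.
Constructed example; not real conntrack code."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PROTO_TCP, PROTO_UDP, PROTO_ESP = 6, 17, 50

# constructed addresses (RFC 5737 / private ranges)
LAPTOP, DESKTOP = "192.168.1.10", "192.168.1.11"
VPN_A, VPN_B = "203.0.113.5", "198.51.100.7"
PUBLIC_IP = "192.0.2.1"


@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: Optional[int] = None   # TCP/UDP only
    dport: Optional[int] = None   # TCP/UDP only
    spi: Optional[int] = None     # ESP only; picked by the *receiving* peer


@dataclass
class Nat:
    public_ip: str
    preserve_sport: bool = False  # True: keep inside source port (e.g. 500) as-is
    next_port: int = 40000
    out_map: Dict[tuple, int] = field(default_factory=dict)            # outbound 5-tuple -> ext port
    in_map: Dict[tuple, Tuple[str, int]] = field(default_factory=dict)  # reply key -> inside (ip, port)
    esp_map: Dict[str, List[str]] = field(default_factory=dict)        # remote ip -> inside hosts

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate an inside->outside packet; None means the mapping collided."""
        if pkt.proto in (PROTO_TCP, PROTO_UDP):
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key not in self.out_map:
                if self.preserve_sport:
                    ext = pkt.sport
                else:
                    ext, self.next_port = self.next_port, self.next_port + 1
                reply_key = (pkt.proto, pkt.dst, pkt.dport, ext)
                if reply_key in self.in_map:
                    return None  # another inside host already owns this reply mapping
                self.out_map[key] = ext
                self.in_map[reply_key] = (pkt.src, pkt.sport)
            return Packet(pkt.proto, self.public_ip, pkt.dst, self.out_map[key], pkt.dport)
        if pkt.proto == PROTO_ESP:
            # Nothing to rewrite: no ports, and the inbound SPI is unknown until the
            # remote peer picks it. All we can remember is "who talked to pkt.dst".
            hosts = self.esp_map.setdefault(pkt.dst, [])
            if pkt.src not in hosts:
                hosts.append(pkt.src)
            return Packet(PROTO_ESP, self.public_ip, pkt.dst, spi=pkt.spi)
        raise ValueError(f"unsupported protocol {pkt.proto}")

    def inbound(self, pkt: Packet) -> Optional[str]:
        """Return the inside host for an outside->inside packet, or None if ambiguous."""
        if pkt.proto in (PROTO_TCP, PROTO_UDP):
            entry = self.in_map.get((pkt.proto, pkt.src, pkt.sport, pkt.dport))
            return entry[0] if entry else None
        if pkt.proto == PROTO_ESP:
            hosts = self.esp_map.get(pkt.src, [])
            return hosts[0] if len(hosts) == 1 else None  # two hosts -> undecidable
        raise ValueError(f"unsupported protocol {pkt.proto}")


def ike_through_pat() -> Tuple[Optional[str], Optional[str]]:
    """Two IKE (UDP 500) clients to one endpoint through a port-rewriting NAT."""
    nat = Nat(PUBLIC_IP)
    a = nat.outbound(Packet(PROTO_UDP, LAPTOP, VPN_A, 500, 500))
    b = nat.outbound(Packet(PROTO_UDP, DESKTOP, VPN_A, 500, 500))
    reply_a = Packet(PROTO_UDP, VPN_A, PUBLIC_IP, 500, a.sport)
    reply_b = Packet(PROTO_UDP, VPN_A, PUBLIC_IP, 500, b.sport)
    return nat.inbound(reply_a), nat.inbound(reply_b)


def ike_through_port_preserving_nat() -> Tuple[Optional[int], Optional[Packet]]:
    """Same clients through a NAT that keeps source port 500: second one collides."""
    nat = Nat(PUBLIC_IP, preserve_sport=True)
    a = nat.outbound(Packet(PROTO_UDP, LAPTOP, VPN_A, 500, 500))
    b = nat.outbound(Packet(PROTO_UDP, DESKTOP, VPN_A, 500, 500))
    return a.sport, b


def esp_same_endpoint() -> Optional[str]:
    """Two ESP tunnels to the same peer: the reply cannot be routed inside."""
    nat = Nat(PUBLIC_IP)
    nat.outbound(Packet(PROTO_ESP, LAPTOP, VPN_A, spi=0x1001))
    nat.outbound(Packet(PROTO_ESP, DESKTOP, VPN_A, spi=0x2002))
    return nat.inbound(Packet(PROTO_ESP, VPN_A, PUBLIC_IP, spi=0xABCD))


def esp_different_endpoints() -> Tuple[Optional[str], Optional[str]]:
    """ESP to two different peers: a remote-address-keyed NAT can still tell them apart."""
    nat = Nat(PUBLIC_IP)
    nat.outbound(Packet(PROTO_ESP, LAPTOP, VPN_A, spi=0x1001))
    nat.outbound(Packet(PROTO_ESP, DESKTOP, VPN_B, spi=0x2002))
    return (nat.inbound(Packet(PROTO_ESP, VPN_A, PUBLIC_IP, spi=0xABCD)),
            nat.inbound(Packet(PROTO_ESP, VPN_B, PUBLIC_IP, spi=0xBEEF)))


if __name__ == "__main__":
    print("IKE via PAT:            ", ike_through_pat())
    print("IKE, port preserved:    ", ike_through_port_preserving_nat())
    print("ESP, same endpoint:     ", esp_same_endpoint())
    print("ESP, different endpoints:", esp_different_endpoints())
```

The model separates the two failure modes the thread mixes together: a UDP tunnel fails only when the NAT refuses to rewrite the source port (both clients want 500), whereas ESP fails to the same endpoint no matter how the NAT is written, because the only per-session identifier in an ESP packet is an SPI the NAT never sees chosen.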