 
 From:  "Alex Randjelovic" <alexr at atnetplus dot com>
 To:  "Daniele Guazzoni" <daniele dot guazzoni at gcomm dot ch>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] MonoWall and PIX
 Date:  Tue, 18 Apr 2006 22:02:41 -0400
Thank you for your reply. 
Is UDP 4500 inbound the only port that needs to be open? How about
protocol 50 and 51, and UDP 500?

Alex

-----Original Message-----
From: Daniele Guazzoni [mailto:daniele dot guazzoni at gcomm dot ch] 
Sent: Tuesday, April 18, 2006 6:28 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] MonoWall and PIX

You can use NAT on the m0n0wall but you will need to configure NAT-T on
the PIX.
If you want to run NAT-T you need to allow UDP-4500 through the
m0n0wall.
This would work.

The Cisco alternative would be the VPN-Concentrator (3000 series) which
allows IPsec over TCP (default is TCP-10000) and is not affected by NAT.

Daniele

Alex Randjelovic wrote:
> Thank you for your reply.
> I don't think PIX will support PPTP. Also, if upstream monowall provides
> NAT, will IPSec be able to go through NAT and terminate to downstream
> PIX?
> One more question. If I configure OPT interface on upstream monowall to
> be in bridge mode with WAN interface, would I need one public IP address
> for monowall WAN interface, and one for PIX?
> 
> Alex
> 
> -----Original Message-----
> From: Lee Sharp [mailto:leesharp at hal dash pc dot org] 
> Sent: Monday, April 17, 2006 1:30 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] MonoWall and PIX
> 
> From: "Alex Randjelovic" <alexr at atnetplus dot com>
> 
>>I have an interesting challenge. Our company has a cable Internet line with
>>a single static IP address. I need to set up monowall connected to the
>>cable line, and after monowall a PIX 501 that will terminate VPN
>>connections and provide Internet access for LAN users. Between monowall
>>and PIX there will be a DMZ, providing wireless clients with Internet
>>access (via wireless AP). Unfortunately, the company requirement is to
>>terminate VPN connections on the PIX, not monowall.
> 
>>To be able to set up PIX as VPN device, I have to pass all traffic from
>>monowall to PIX. I don't think bridge mode would work, because there is
>>only 1 public IP address.
> 
> 
> Under VPN -> PPTP, check "Redirect incoming PPTP connections to:" and it
> works.  Unless you are under IPsec, and I haven't tried that one.
> 
>                         Lee 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> 
> 
> 

-- 



	best regards

------------------------------------------------------------------
Daniele Guazzoni
Senior Network Engineer, CCNA, CCNP

Ackersteinstrasse 203
CH-8049 Zurich
------------------------------------------------------------------
"Destiny is not a matter of chance, it is a matter of choice;
it is not a thing to be waited for, it is a thing to be achieved."
					William Jennings Bryan

GPG Fingerprint: 46EF FB0A A405 659F FB63 860B 6059 7A22 F58E 830E




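The port question in this thread (UDP 4500 for NAT-T versus IP protocols 50/51 and UDP 500), illustrated with an added example that is not from the thread nor from any m0n0wall or Cisco code: a classifier for what a perimeter filter sees from each IPsec component (IKE on UDP 500, RFC 3948 demultiplexing on UDP 4500, raw ESP/AH), plus a helper listing the inbound rules an endpoint reached through NAT needs versus one reached without NAT. The Packet class, the "esp-in-udp" minimum length and the rule tuples are constructed for illustration.

```python
from dataclasses import dataclass

# IP protocol numbers and UDP ports discussed in the thread.
PROTO_ESP, PROTO_AH, PROTO_UDP = 50, 51, 17
PORT_IKE, PORT_NAT_T = 500, 4500


@dataclass
class Packet:
    """Constructed minimal packet: IP protocol, UDP dst port, UDP payload."""
    proto: int
    dport: int = 0
    payload: bytes = b""


def classify(pkt: Packet) -> str:
    """Name the IPsec traffic type a perimeter filter sees for this packet."""
    if pkt.proto == PROTO_ESP:
        return "esp"  # raw ESP; needs NAT-T to cross a NAT device
    if pkt.proto == PROTO_AH:
        return "ah"  # AH's ICV covers the IP header, so any NAT breaks it
    if pkt.proto != PROTO_UDP:
        return "other"
    if pkt.dport == PORT_IKE:
        return "ike"  # plain ISAKMP/IKE, still used before NAT-T floats to 4500
    if pkt.dport != PORT_NAT_T:
        return "other"
    # RFC 3948 demux on UDP 4500: a lone 0xFF byte is a NAT keepalive, four zero
    # bytes (the Non-ESP marker) precede IKE, anything else starts with an ESP SPI.
    if pkt.payload == b"\xff":
        return "nat-t-keepalive"
    if len(pkt.payload) >= 4 and pkt.payload[:4] == b"\x00\x00\x00\x00":
        return "ike-over-nat-t"
    if len(pkt.payload) >= 8:  # SPI + sequence number at minimum (constructed bound)
        return "esp-in-udp"
    return "malformed-nat-t"


def required_inbound_rules(nat_between_peers: bool) -> set:
    """Inbound rules needed to reach an IPsec endpoint behind the firewall.
    With NAT in the path, IKE and ESP both ride UDP 500/4500; without NAT,
    ESP (50) and AH (51) travel unencapsulated and must be allowed as well."""
    rules = {("udp", PORT_IKE), ("udp", PORT_NAT_T)}
    if not nat_between_peers:
        rules |= {("ip", PROTO_ESP), ("ip", PROTO_AH)}
    return rules


def missing_rules(configured, nat_between_peers: bool) -> set:
    """Rules from required_inbound_rules() absent from a configured rule list."""
    return required_inbound_rules(nat_between_peers) - set(configured)
```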