On Thu, 2004-06-03 at 12:53, Derek Storvik wrote:
> I'm having trouble with NAT and VPN
>
> I have a linux server running Fedora core 1 that is a
> NAT/FIREWALL/VLAN/DHCP server for a large client network.
>
> Internet
> |
> |
> Linux
> |
> |
> Large network with many vlans and 1000 nodes or so.
>
> The internal network is natted to the 10.0.0.0 network and my clients
> can not VPN out to the internet. Specifically they get back an error
> 619
>
> What has to be done to allow VPN to traverse through the firewall and
> NAT? At the moment the firewall rules are wide open to make sure
> that isn't my issue.
<snip>

A few questions . . .

What type of VPN are they attempting to access? I assume they are using some kind of VPN client and you are not talking about a site to site connection. What client are they using?

If you are using an IPSec client, one either needs to give each a dedicated one-to-one mapped public address or use NAT Traversal (must be enabled on both sides of the connection).

Are you sure that the client is comfortable allowing people on the inside to VPN to some connection on the outside? There is a real possibility that whatever is on the other side will now be able to access your client's internal network through the same VPN connection.

--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net