Saturday, March 26, 2005

A Perplexing Problem

I have been working on a VPN project for a health care customer for nearly two weeks. The local company is switching software and requires a VPN connection with the new company. We have traditionally used Sonicwall for our VPN/firewall units. After installing and configuring the Sonicwall, the VPN came up immediately but would not initiate from the other end. Before I could address this issue, the DSL circuit was moved and remained unstable for a number of days.

The configuration involves a Qwest DSL circuit with an Actiontec modem/router. The Sonicwall sits behind the router, set to transparent mode. The Actiontec provides NAT services and passes the IPSEC information to the Sonicwall. The Sonicwall has a setting called NAT Traversal which allows it to route the VPN tunnel through another NAT device. Thus, a VPN between two Sonicwalls, or similar devices, is quite simple over the standard DSL circuit.

After several sessions and discussions with Sonicwall tech support, the situation did not change. The device on the other end was a Nortel Contivity 5000. No one at Sonicwall had any prior experience connecting to this device. Finally, the network tech at the other end realized that the Sonicwall on this end was behind a NAT device. He stated that to the best of his knowledge, the Nortel would not bring up a VPN through a NAT connection. The Sonicwall would have to have a true external IP.

The standard Qwest DSL connection in this area uses an Actiontec modem connecting with PPPoA. This allows the Actiontec to forward a user name and password for authentication. The Actiontec has a public IP on the DSL side and a locally assigned private IP on the network side. The Sonicwall, in transparent mode, has another locally assigned IP on its WAN port.
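How an IKE peer can tell that the other side sits behind a NAT device, as in the topology just described: this is an added example, not code from the original post or from either vendor. It follows the NAT-D payload check of RFC 3947 with SHA-1 assumed as the negotiated hash; the cookies and addresses are constructed, and the function names are illustrative.

```python
import hashlib
import ipaddress
import struct

# Constructed sample values: 8-byte IKE cookies and documentation-range addresses.
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
PEER = ("198.51.100.20", 500)          # remote gateway, public IP
MODEM_PUBLIC = ("203.0.113.10", 500)   # modem/router DSL-side address
FIREWALL_WAN = ("192.168.0.2", 500)    # firewall WAN port behind the modem


def nat_d_hash(ip, port, cky_i=CKY_I, cky_r=CKY_R):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.sha1(data).digest()


def build_nat_d(src, dst):
    """Sender: first payload hashes the destination, the second the source."""
    return [nat_d_hash(*dst), nat_d_hash(*src)]


def detect_nat(payloads, seen_src, seen_dst):
    """Receiver: compare payloads with the addresses on the packet as it arrived."""
    return {
        "local_behind_nat": payloads[0] != nat_d_hash(*seen_dst),
        "remote_behind_nat": nat_d_hash(*seen_src) not in payloads[1:],
    }


def simulate():
    """Run the check for the NATed setup and for bridge mode."""
    # Firewall hashes its private WAN address; the modem rewrites the source.
    natted = detect_nat(build_nat_d(FIREWALL_WAN, PEER), MODEM_PUBLIC, PEER)
    # Bridge mode: the firewall itself holds the public address, nothing is rewritten.
    bridged = detect_nat(build_nat_d(MODEM_PUBLIC, PEER), MODEM_PUBLIC, PEER)
    return {"behind_modem": natted, "bridge_mode": bridged}


if __name__ == "__main__":
    for name, result in simulate().items():
        print(name, result)
```

When either flag is true, peers that implement RFC 3947 move the exchange to UDP port 4500 and carry ESP inside UDP; a peer without NAT-T support has no such fallback.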

To work correctly in the situation I was in, the Actiontec must be set in bridge mode so the public IP is assigned to the Sonicwall's WAN port. This prevents the Actiontec from passing a username/password to the ISP. The Sonicwall does not do PPPoA, only PPPoE. Consequently, the ISP has to configure the connection to authenticate in some other manner.

In this case, the ISP, Cybertrails, offered authentication with a dedicated IP. The connection was configured, I reset the Actiontec and Sonicwall, and up came the VPN.
