Re: scenario: Authenticated Firewall Traversal



At 07:49 AM 11/2/95 -0500, Robert Moskowitz wrote:
>At 02:10 PM 10/25/95 GMT, William Allen Simpson wrote:
>>An administrator has one or more networks, and a number of mobile users.
>>It is desirable to restrict access to authorized external users. The
>>boundary router is 3.0.0.3.
>>
>>Each user adds commands to tunnel and authenticate.
>>
>>   route addp 3.0.0.0/8 tunnel 3.0.0.3
>>   secure 3.0.0.3 authenticate-only
>>
>I want to walk through this example a lot slower with some 'real world'
>flavor to it.
>
>First off, the externally reachable address is not on the same network as the
>internal stuff (firewall is a CIDR block, internal is a registered B and
>some 1597 nets).  So:
>

We did a 'walk' through on this yesterday and came up with the following
methodology:

Couple the access server with NAT functionality.

The DNS question will require testing, but I hope that listing the internal
DNS first is the way to go.

Robert Moskowitz
Chrysler Corporation
(810) 758-8212