[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPsec VPN Gateway
Yes. Remote Access is very common scenario. IPSEC implementations
(we do this, not sure of others) do this in two ways.
A. VPN gateway on the corporate edge should be configurable in
'responder-only' mode. It is expected that VPN client always
initiates the connection. There could be multiple
responder-only mode
IKE policies. The way to select the right IKE policy is based
on remote
user identification. This is possible only if Aggressive mode
is used OR
main mode with certificates are used. Main mode with
preshared keys
can't be used.
B. If your VPN client software has dynamic DNS capability, then
you can create
user based FQDN for each user. VPN gateway can be configured
to have
domain name in place peer security gateway IP address.
Ravi
Yi-Wen Liu wrote:
> Hi folks: I have a question of VPN gateway. If a user's IP = is assigned
> by DHCP on external network, can he communicate with Intranet through
> the VPN gateway? Anybody knows? Please help me. Thanks a lot! Best
> Regards, Tim Liu
--
The views presented in this mail are completely mine. The company is not
responsible for whatsoever.
------------------------------------------------------------------------
Ravi Kumar CH
Rendezvous On Chip (i) Pvt Ltd
Hyderabad, India
Ph: +91-40-2335 1214 / 1175 / 1184
ROC home page <http://www.roc.co.in>