[nycbug-talk] need help asap, will pay, ms vpn client
Tue Mar 1 21:50:46 EST 2005
On Tue, Mar 01, 2005 at 09:38:02PM -0500, Jesse Callaway wrote:
>On Tue, Mar 01, 2005 at 08:45:28PM -0500, George Georgalis wrote:
>> On Tue, Mar 01, 2005 at 08:35:17PM -0500, marco at metm.org wrote:
>> >I hate fxxxing mixed OS vpn setups.
>> >All I can say is I've been there, more undocumented incompatible crap
>> >than you can shake a stick at. I would love for someone to prove me
>> >wrong and that in fact I am the dummy who just did not understand.
>> which is a great segue,
>> I'm thinking the problem has been client firewalls. And the solution is
>> to replace them with linksys vpn firewalls
>> client - linksys vpn - internet - vpn linksys - private lan
>> which should leave the least room for error, easiest to setup and
>> support. comments? "of course you idiot" variety welcome.
>> // George
>of course, I thought you were talking about IPSEC enabled firewall/gateways. Yes. Once you do that the problem will be a non-issue. You just "do it" on the MS side, lordy lordy. Were you leaving the IPSEC ports completely open? Where did they forward to? What about NAT? Yeah, once you have these guys up facing the outside it should be no problem.
>I've done it w/o problems when you have the VPN device sitting at the edge. Otherwise you will have to invest some time.
the vpn router is on the edge, but since the client has their own edge
firewall, support for that and their system will be excessive. seems
simpler to give them an edge vpn / firewall. then there is zero config
on the client host, the remote network is joined by the edge devices,
edge, edge, edge is the answer, I think, don't have an extra one yet.
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org
More information about the talk