Great Circle Associates Firewalls
(February 1997)
 


Subject: Duplicated network addresses and VPN (AVT as requested)
From: Arjo Mukherjee 4663 <mukherje @ ebo . dec . com>
Date: Tue, 4 Feb 97 12:23:27 +0100
To: Firewalls @ GreatCircle . COM

Lilia Miltcheva <miltcheva @ unicc . org> asked:

"I'm keen on using the AltaVista Tunnel and have already a lot of
requests for providing the service. I have a question :

We are currently using Alta Vista FW for Unix and behind it we have
class C addresses that we once got by EUnet. Then we changed the ISP and
renumbered our "red" (external) network, but on the internal ("blue")
WAN we kept the old IPs as they are anyhow not accessible from the
Internet.

What is going to happen if a remote client, using AVT connects to our
AVT server, gets the numbers of the private networks (for example
193.72.45.0) and starts tunneling, but at the same time there is a
server somewhere on the Internet that has address let's say 193.72.45.20
(same class C). How could this clash possibly be managed?"
- -------------
Before I continue I would like to state that I am not an expert on the
Alta Vista Tunnel.  I have only installed it a couple of times and
write the following based on that.  Maybe it will help.
 
I don't believe that there is anything to worry about
as far as a clash is concerned.  This is because while you set up the
VPN (Virtual Private Network) you need to define the IPs of the
applicable FWs.  In essence, the target address is encapsulated and
passed through the firewalls.  The destination firewall will pass the
data to the Tunnel Server where it will be handled as needed.

Therefore, as long as there is no clash with Firewall addresses, there
should not be a problem.  

Another point: it is also possible to load the AVT on the FW machine,
but I think most prefer to load it onto a separate machine behind the
destination firewall.

Ciao,
Arjo
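
The encapsulation point in the message above can be modelled as a route lookup on the remote client. This is an added example, not part of the original message and not AltaVista Tunnel code; it assumes the client installs a route for the tunneled network, and the tunnel server address 198.51.100.10 is a constructed placeholder.

```python
import ipaddress

# Constructed values: only 193.72.45.0/24 and 193.72.45.20 come from the post.
# The route model is an assumption about the client, not AltaVista Tunnel code.
TUNNEL_SERVER = ipaddress.ip_address("198.51.100.10")  # placeholder outer address
TUNNEL_NETS = [ipaddress.ip_network("193.72.45.0/24")]  # internal "blue" network


def route_for(dst, tunnel_up):
    """Longest-prefix match over the remote client's route table."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), "isp")]
    if tunnel_up:
        table += [(net, "tunnel") for net in TUNNEL_NETS]
    addr = ipaddress.ip_address(dst)
    matches = [(net, via) for net, via in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def on_the_wire(dst, tunnel_up):
    """(outer destination, inner destination) as seen on the Internet path."""
    addr = ipaddress.ip_address(dst)
    if route_for(dst, tunnel_up) == "tunnel":
        return (TUNNEL_SERVER, addr)   # inner address is hidden in the payload
    return (addr, None)                # ordinary, unencapsulated packet


def endpoint_clashes(endpoint, tunnel_nets):
    """True if the tunnel endpoint itself falls inside a tunneled network.
    That is the clash that matters: the outer packet would be routed back
    into the tunnel instead of out to the Internet."""
    return any(ipaddress.ip_address(endpoint) in net for net in tunnel_nets)


if __name__ == "__main__":
    for up in (False, True):
        print("tunnel up" if up else "tunnel down",
              route_for("193.72.45.20", up), on_the_wire("193.72.45.20", up))
    print("endpoint clash:", endpoint_clashes(TUNNEL_SERVER, TUNNEL_NETS))
```

Under this route model, a client with the tunnel up sends everything for 193.72.45.20 to the internal host, so the Internet server with the same address is not reachable from that client until the tunnel is dropped.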
