Great Circle Associates Firewalls
(February 1997)
 


Subject: RE: AVT configurations
From: Jeff Needle <needle @ altavista . digital . com>
Date: Tue, 4 Feb 1997 10:26:02 -0500 (EST)
To: Arjo Mukherjee 4663 <mukherje @ ebo . dec . com>
Cc: Firewalls @ GreatCircle . COM
In-reply-to: <970204152010 . 3603 @ beux1 . ebo . dec . com>

When the tunnel connection is established, the first thing that's done is
that an address is downloaded and bound to the tunnel pseudo adapter.  The
next thing that happens is a routing packet is downloaded, and those
routes are associated with the tunnel pseudo adapter.  After that,
anything destined for the private network (as defined by the routes
downloaded to the client by the server) will "magically" be encrypted and
routed to the tunnel server. 

Jeff Needle, AltaVista engineering

On Tue, 4 Feb 1997, Arjo Mukherjee 4663 wrote:

> Date: Tue, 4 Feb 97 15:20:10 +0100
> From: Arjo Mukherjee 4663 <mukherje @ ebo . dec . com>
> To: Firewalls @ GreatCircle . COM
> Subject: RE: AVT configurations
> 
> 
> 
> ----- Forwarded message follows -----
> Delivery-Date: Tue, 4 Feb 97 14:58:27 +0100
> To: Lilia Miltcheva <Miltcheva @ unicc . org>
> Subject: RE: AVT configurations
> In-Reply-To: <c=CH%a=400net%p=unicc%l=NEW-EXCHANGE-970204131239Z-3793 @ new-exchange . unicc . org>
> References: <c=CH%a=400net%p=unicc%l=NEW-EXCHANGE-970204131239Z-3793 @ new-exchange . unicc . org>
> X-Mailer: MAILworks 1.7-A
> From: Arjo Mukherjee 4663 <mukherje>
> Date: Tue, 4 Feb 97 15:15:40 +0100
> Message-ID: <970204151540 . 3603 @ beux1 . ebo . dec . com>
> 
> I have the feeling that every session that wants to use the AVT has to
> be defined on the local clients.  In other words, if you want to telnet
> using the VPN, then you have to set up a defined session with the link
> pointer to the local Tunnel.  Otherwise, the routing will default wise
> direct the path to the firewall and out into the internet.
> 
> I guess the question you have is how to set up the applications on the
> local client to let it know when to use the Tunnel and when not to use
> it.
> 
> From the sparse docs that I could read, it appears as if on the local
> clients, i.e. PCs etc., one copies a couple of files, which the tunnel
> admin provides.  These have the definitions for the tunnel path.
> 
> It appears that if the user wants to use the tunnel, he needs to click
> on the application to activate the link to the tunnel components, and
> then he can use the VPN.
> 
> Otherwise, it defaults to the firewall and out into the internet.
> 
> Seems like the user has to activate the tunnel link if he wants to use
> it.
> 
> Arjo   
> 
> > Hi, Arjo!
> > 
> > Thanks for answering my mail.
> > 
> > I do not worry about the routing. The question is if we have a duplicate
> > IP on the private network and on the Internet, which way the connection
> > is going to be decided - to go through the tunnel or through the regular
> > (ISP) way?
> > During the initial handshake the AVT server gives the IP numbers of the
> > private networks to the tunnel client. Logically then, any IP belonging
> > to one of those networks will be routed through the tunnel. This means
> > that if there is another host on the Internet with the same IP, it will
> > never be reached as far as the tunnel is up... 
> > 
> > Thanks, Lili
> > 
> > 
> > >----------
> > >From: 	Arjo Mukherjee 4663[SMTP:mukherje @ ebo . dec . com]
> > >Sent: 	Tuesday, February 04, 1997 3:26AM
> > >To: 	miltcheva @ unicc . org
> > >Subject: 	AVT configurations
> > >
> > >Howdy,
> > >
> > >don't think there are address conflicts as the routing takes place
> > >through firewalls.  in other words, the destination address is handled
> > >only after it reaches the target VPN Server (Tunnel Server).
> > >
> > >The firewall is set up to handle the tunnel addresses via relay.
> > >
> > >Arjo
> > >
> > >
> ----- End of forwarded message -----
> 
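
The route selection discussed in this thread, as an added example that is not part of the original messages and not AltaVista Tunnel code. It assumes the client does ordinary longest-prefix routing once the server's routes are bound to the tunnel pseudo adapter; the interface names and network ranges are constructed, and the RFC 1918 check is an added audit step for spotting pushed routes that would hide Internet hosts while the tunnel is up.

```python
import ipaddress

# RFC 1918 private address space; pushed routes outside it overlap the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_table(pushed_routes, tunnel_if="tunnel0", isp_if="ppp0"):
    """Client routing table: ISP default route plus routes pushed by the
    tunnel server (interface names are hypothetical)."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), isp_if)]
    table += [(ipaddress.ip_network(r), tunnel_if) for r in pushed_routes]
    return table

def select_interface(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in table if addr in net]
    net, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return ifc, net

def shadowed_public_ranges(pushed_routes):
    """Pushed routes not contained in RFC 1918 space. Internet hosts in these
    ranges cannot be reached directly while the tunnel is up."""
    flagged = []
    for r in pushed_routes:
        net = ipaddress.ip_network(r)
        if not any(net.subnet_of(p) for p in RFC1918):
            flagged.append(net)
    return flagged

if __name__ == "__main__":
    # Constructed sample: one RFC 1918 network and one documentation range
    # standing in for a site that numbered its LAN out of public space.
    pushed = ["10.1.0.0/16", "198.51.100.0/24"]
    table = build_table(pushed)
    for dst in ("10.1.2.3", "198.51.100.7", "203.0.113.9"):
        ifc, net = select_interface(table, dst)
        print(f"{dst:15} -> {ifc:8} via {net}")
    for net in shadowed_public_ranges(pushed):
        print(f"warning: {net} is not RFC 1918 space; Internet hosts in this "
              "range are unreachable while the tunnel is up")
```

With the tunnel down (no pushed routes) every destination falls back to the ISP default route, which is why the shadowing only lasts for the life of the tunnel connection.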



