From owner-freebsd-security Thu Jul 22 13:42:19 1999
Delivered-To: freebsd-security@freebsd.org
Received: from lily.ezo.net (lily.ezo.net [206.102.130.13])
    by hub.freebsd.org (Postfix) with ESMTP id 3A4B714E8A
    for ; Thu, 22 Jul 1999 13:42:15 -0700 (PDT)
    (envelope-from jflowers@ezo.net)
Received: from lily.ezo.net (jflowers@localhost.ezo.net [127.0.0.1])
    by lily.ezo.net (8.8.7/8.8.7) with SMTP id QAA04513;
    Thu, 22 Jul 1999 16:41:54 -0400 (EDT)
Date: Thu, 22 Jul 1999 16:41:54 -0400 (EDT)
From: Jim Flowers
To: Thomas Uhrfelt
Cc: skip-info@skip-vpn.org;, freebsd-security@FreeBSD.ORG
Subject: Re: SV: SKIP and NAT nomadic server - howto (long)
In-Reply-To: <01BED471.C8203720.thomas.uhrfelt@plymovent.se>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Absolutely not stupid. This is the essential VPN concept (at least in my
mind). There isn't any reason why the configuration that I outlined
shouldn't work for both ends as long as the public skiphost address on
one end is fixed. Even better if both skiphost addresses are known in
advance as that relieves the requirement that the skiphosts be located
in-line through the use of static routes.

With this kind of setup you can even access the Internet from the other
end, set up Exchange server replications and anything else you can think
of that can run over IP. Great for desktop to desktop transfer if you
have enough bandwidth.

For secure systems, I prefer a screened subnet system. The skiphost
functions can be combined with bastion host functions running on a
perimeter network.

I have one system with VPN nodes in USA East Coast, USA West Coast,
Belgium, Goa, India and Taiwan. Soon to add USA Southeast and Delhi,
India. Works great.

Jim Flowers
#4 ISP on C|NET, #1 in Ohio

On Thu, 22 Jul 1999, Thomas Uhrfelt wrote:

> Excuse me if I am a bit stupid here but my question boils down to this..
>
> Is it possible to connect two private (192.168.1.0/24 and 192.168.10.0/24)
> networks on the net via 2 skip/natd gateways and still have the original natd
> functionality (http etc for the clients)?
>
> Thomas Uhrfelt thomas.uhrfelt@plymovent.se
> Computer Technician
>
> PlymoVent AB
> Föreningsgatan 37
> 211 52 Malmoe
> Sweden
>
> http://www.plymovent.com