New Zealand ADSL Mailing List


RE: DSL asymmetry prevents VPN office-to-office connection

From: rob.edkins_at_axon.co.nz
Date: Tue, 22 Feb 2000 10:08:29 +1300
Message-ID: <42CCA0F98530D111A77900805F0D52B30173899F@ax-akl-exchange.axon.co.nz>

I've been doing some playing around with VPN telecommuting via ADSL, with
the client at home on my ADSL link, and an NT firewall at the other end.

The bottom line is, IPSec at present won't work through the M10 when using
NAPT. (Network Address Port Translation - Nokia's version of NAT).

PPTP will work, if you pinhole PPTP through to your internal address.

Firewall to Firewall VPN (Say with one of the little Watchguard Telecommuter
or SOHO Firewalls at home) will work over PPTP, not over IPSec.

The difficulty is that the current software (5.1.3 R3) on the M10 only lets
me pinhole IP types TCP, UDP, PPTP and ICMP.

Apparently the newer software 5.3.0 R2 will allow IP type 50 (ESP) and other
types to be pinholed, but the software has some issues to be resolved before
general release.

The only other way to get IPSec to work would be to either use a registered
address on your internal network and Route, rather than NAT (would cost you
for the registered network, you'd need at least a /30), or set the Nokia up
as a bridge and assign the IP address to an internal box. (I can see Telecom
being REAL keen on that! - You'd need a decent firewall at your end to keep
your broadcast crud off the network.)

As to the Asymmetry, you probably wouldn't use ADSL for an Office-to-Office
VPN link. You'd use SDSL or IDSL, which are slightly slower, but symmetric.

Rgds,

Rob Edkins
Systems Consultant
Axon Computertime
email: rob.edkins@axon.co.nz
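
An added illustration (not part of the original post, and not Nokia's code): a short Python parser showing which header field each IP type mentioned above exposes to a port-translating NAT. The packets are constructed samples; `classify`, `ipv4` and `PINHOLE_5_1_3` are hypothetical names, the table only encodes the types the post lists for software 5.1.3 R3, and "PPTP" is assumed to mean its GRE data channel (IP protocol 47).

```python
import struct

# IP types the post says software 5.1.3 R3 can pinhole. Assumption: "PPTP"
# means its GRE data channel (IP protocol 47).
PINHOLE_5_1_3 = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "PPTP (GRE)"}
ESP = 50  # IP type 50, which the post says needs software 5.3.0 R2

def classify(packet: bytes) -> dict:
    """Parse an IPv4 packet; report its IP type and the field a NAT could key on."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, payload = packet[9], packet[ihl:]
    info = {"proto": proto, "pinhole": proto in PINHOLE_5_1_3, "key": None}
    if proto in (6, 17) and len(payload) >= 4:
        # TCP and UDP both start with source and destination port
        info["key"] = ("ports",) + struct.unpack("!HH", payload[:4])
    elif proto == 47 and len(payload) >= 8 and (payload[1] & 0x07) == 1:
        # Enhanced GRE (version 1, as used by PPTP) carries a Call ID
        info["key"] = ("call_id", struct.unpack("!H", payload[6:8])[0])
    elif proto == ESP and len(payload) >= 4:
        # ESP starts with a 32-bit SPI; there is no port field to translate
        info["key"] = ("spi", struct.unpack("!I", payload[:4])[0])
    return info

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed sample packet (checksum left at zero, not validated)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    return hdr + payload

# Constructed samples: a UDP datagram, a PPTP GRE frame, an ESP packet.
SAMPLES = {
    "udp": ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0)),
    "pptp": ipv4(47, bytes([0x30, 0x81]) + struct.pack("!HHH", 0x880B, 0, 0x42)),
    "esp": ipv4(ESP, struct.pack("!II", 0x1234ABCD, 1) + bytes(16)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```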

Received on Tue Feb 22 10:09:25 2000