WinGate Forums

[rcyoung]

Has anyone figred out if it is even possible to have a client with a Cisco, Avaya, or Contivity VPN "inside" Wingates protected area, and configure things so that VPN can get out to a host on the general Internet?? Wingate's VPN is of no value since I am having to connect to several different customer sites, and each customer uses one of the above VPNs. My alternative is do dialup network over phone lines to a general ISP provider, but that is terribly slow. Wingate currently guards the only fast line going "outside".

One VPN uses IKE protocol (50/51) in addition to TCP/UDP. Not sure about the others.

[genie]

VPN solution must support NAT-T - NAT traversal.

[rcyoung]

Ah yes, but has anyone tried ( successfully or not) to get any of these working through Wingate?

[adrien]

we have had several clients going through I believe, including Cisco's PIX VPN client, MS L2TP NAT-T (requires 2003 server and XP clients), and Checkpoint's SecuRemote.

The solution needs to support tunnelling over UDP. the specification for IPSEC in native mode (i.e. ESP etc) is designed to not allow going through a NAT. Bit short-sighted of the protocol developers I think.

That is a major reason why we originally designed our own protocol which goes over UDP, since we were developing this prior to the NAT-T specification.

Adrien

[luxifer]

Is the problem not based in the fact that the VPN client loaded like "Nortel Connectivity" locks out the local network by changing the "tcp/ip route", and therefor is wingate unable to receive/send frames to the local network ?

Does wingate have an option which allow clients to connect using non TCP/IP protocol like "netbeui" ?

[labull]

We have successfully made MS RRAS PPTP and CheckPoint VPN connections outbound trough WinGate.

Just need to know what ports to open.

Larry