[38071] in North American Network Operators' Group
Layer4 Re: VPN Solution (WAS: ORBS (Re: Scanning))
daemon@ATHENA.MIT.EDU (Jon Mansey)
Mon May 28 10:40:07 2001
Message-Id: <a05100322b73812162272@[192.168.4.223]>
In-Reply-To: <004801c0e774$071c6d60$01c8a8c0@default>
Date: Mon, 28 May 2001 07:37:00 -0700
To: nanog@nanog.org
From: Jon Mansey <jon@interpacket.net>
Does anyone know of a way to put layer 4 switching in front of a VPN 
client such that (for example) email and nntp don't get tunnelled 
while everything else does, or vice-versa?
We're probably talking Windows software here I know......
Jon.
>> The VPN solutions I have used (e.g. Bay Networks, MS PPTP) send *every*
>> packet from the end user machine to the VPN end-point, not just selected
>> packets (like with SSH tunneling).
> If you want a commercial solution that does selective tunnelling - the
> FW-1 addin (VPN-1) exports a "topography" file to the client at setup; this
> really consists of a list of subnets that the VPN will handle, and is set at
> the server side. Anything not on the topography list goes out via the dialup
> adaptor or network card as normal.