Equinux VPN Tracker 8.1.1 Manual de usuario Pagina 72
- Pagina / 83
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
NAT-Traversal
Network Address Translation used to be a problem for VPN connections: Once
the VPN is established, the actual communication over the VPN uses a net-
work protocol called ESP. Unlike the TCP and UDP network protocols you may
be familiar with, ESP does not use network ports. Since NAT depends on being
able to use network ports to identify the recipient of an incoming response, it
cannot work with ESP out of the box. Two methods have been developed to
deal with NAT-Traversal:
IPSec Passthrough
For IPsec Passthrough, the local router needs to know about IPsec VPN and
the ESP protocol. In its most basic form, the router simply sends all ESP traffic
to the last host on its network that talked to the VPN gateway. Most NAT rout-
ers have some limitation on their IPsec Passthrough capability, for example it
often cannot support more than a single computer connecting to the VPN.
Since the local router takes care of everything, no special support is required
on the VPN gateway or the VPN client.
NAT-Traversal
With NAT-Traversal, VPN Tracker wraps ESP into regular UDP packets (which
have port numbers and can easily be handled by NAT routers). On the other
end, the VPN gateway needs to remove the UDP “wrapper” before it can de-
crypt the VPN communication.
There are several versions of NAT Traversal. Some VPN gateways support only
one form of NAT-Traversal, and some, particularly older or low-end VPN gate-
ways, support none. VPN Tracker and the VPN gateway automatically nego-
tiate which form of NAT-Traversal, if any, to use.
Since VPN Tracker and the VPN gateway take care of everything, no special
support for NAT-Traversal is required from the local router, though firewall
rules or firmware issues could prevent NAT-Traversal from working.
If you are buying a new VPN gateway, make sure it supports all
forms of NAT-Traversal – it is very likely that you will encounter
Internet connections that require NAT-Traversal to work.
The following diagram shows how a VPN is established using different NAT-
Traversal mechanisms:
NAT-Traversal: Earlier Draft Versions vs. RFC
The early NAT-Traversal draft versions sent UDP packets on network port
500, the same port also used for the initial connection process of the VPN.
This sometimes caused trouble with NAT routers that simply discarded UDP
packets on network port 500.
To deal with this problem, the final NAT-Traversal standard (RFC) changed
the network port for performing NAT-Traversal to the (non-privileged) UDP
network port 4500.
Phase 1
Phase 2
Established
XAUTH,
Mode Config,
EasyVPN
(optional)
DHCP over VPN
SonicWALL
(optional)
ESP is being used (no ports)
NAT-Traversal encapsulates
ESP in UDP (port 4500 for RFC,
port 500 for early drafts)
The VPN gateway and VPN
Tracker negotiate which NAT-
Traversal mechanism to use
later. Phase 1 always uses
UDP port 500.
NAT-Traversal (RFC) switches
to UDP port 4500, all others
continue on UDP port 500
72
- VPN Tracker 8 1
- Contents 3
- VPN Tracker 8 at a Glance 4
- Introducing VPN Tracker 5
- What’s New in VPN Tracker 8? 6
- Upgrading to VPN Tracker 8 7
- VPN Tracker Editions 8
- Getting Started 9
- Changing Computers 10
- Managing Licenses 10
- VPN Tracker 5, 6, and 7 11
- VPN Tracker 4 (and 3) 11
- Getting Connected 12
- VPN Crash Course 12
- The Big Picture 13
- Basic Settings 14
- Advanced Settings 15
- Actions and Notes 15
- Completing Setup 15
- Setup for an Existing VPN 16
- Set up Your VPN Gateway 17
- Configure VPN Tracker 18
- Connecting 18
- Importing Connections 19
- Connecting to Your New VPN 20
- Working with VPN Tracker 21
- Working with Secure Desktop 24
- VPN Productivity 26
- VPN Connection Stats 27
- Menu Bar Item 27
- Notifications 27
- Locations 28
- Wi-Fi Networks 28
- Actions After Connecting 28
- Actions Before Disconnecting 28
- Network Scanner 30
- Scan Results 31
- Using Scan Results 32
- Customizing Scan Results 32
- Accounting 33
- Exporting Connections 34
- Export Settings Explained 35
- Security 36
- Secure Desktop 36
- Contact info 37
- Unlock Password 37
- Certificates 37
- Troubleshooting 38
- Troubleshooting Remote DNS 41
- Further Questions? 42
- Reference 43
- Settings Reference 43
- Topology 44
- Local Address 45
- Remote Networks 45
- Authentication 45
- Identifiers 46
- Advanced Tab 50
- Traffic Control 53
- NAT-Traversal 54
- Connection Timeout 54
- Interoperability 54
- Additional Settings 56
- Actions Tab 58
- Export Tab 58
- VPN Tracker Preferences 58
- Network Preferences 59
- Scanner Preferences 60
- Notification Preferences 60
- Secure Desktop Reference 62
- Accessing FileMaker Databases 65
- Administrating OS X Server 66
- Printing over VPN 69
- L2TP / PPTP Connections 70
- VPN and Network Address 71
- Translation (NAT) 71
- What does the test do? 73
- Certificates and Smart Cards 74
- Importing Certificates 75
- Which Certificates Do I Need? 76
- Local Certificate 77
- Remote Certificate 77
- Advanced Certificate Settings 77
- Using Smart Cards 78
- Verifying Access 79
- Troubleshooting Certificates 80
- Choosing the Right VPN Device 81
- Further Resources 82
- Keyboard Shortcuts 83
Relacionado con productos y manuales para Software Equinux VPN Tracker 8.1.1
Software Equinux iSale 5.9.7 Manual de usuario
(93 paginas)
(93 paginas)
Software Equinux SongGenie 1.2.1 Manual de usuario
(15 paginas)
(15 paginas)
Software Equinux SongGenie 2.2.7 Manual de usuario
(22 paginas)
(22 paginas)
Software Equinux The Tube 2.11.4 Manual de usuario
(63 paginas)
(63 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.060 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales