topic Re: How does Normal mode work in RA VPN? in Firewall and Security Management

How does Normal mode work in RA VPN?

Kumar — Thu, 12 Apr 2018 12:15:46 GMT

Hi All,

If Office mode is enabled Security gateway will assign a IP from the pool to Client.

If we are not enabling Office mode, how the traffic will flow in our network?

Re: How does Normal mode work in RA VPN?

Vladimir — Thu, 12 Apr 2018 13:00:43 GMT

I suspect that in the absence of the Office Mode supplied IPs, you'll simply end-up with conventional tunnel containing one encryption domains on each side. So the client will be aware of the networks behind the gateway and the gateway, about client's network.

Re: How does Normal mode work in RA VPN?

Kumar — Thu, 12 Apr 2018 13:08:30 GMT

If that might be the case, The IP address provided for the client (by ISP) may overlap with our organisation network.

Re: How does Normal mode work in RA VPN?

G_W_Albrecht — Thu, 12 Apr 2018 13:56:51 GMT

Îf Office Mode is not used, the RA VPN client connects to the GW using its local IP. This IP has to be known by the GW and access has to be granted. SecuRemote, the licenseless CP RA VPN client always uses this kind of connection.

But this will not work if RA VPN clients get their IPs dynamically or their IP is changed from time to time / all 24 hours.

Re: How does Normal mode work in RA VPN?

Vladimir — Thu, 12 Apr 2018 13:58:12 GMT

That’s the reason for Office Mode

Vladimir Yakovlev

973.558.2738

vlad@eversecgroup.com

Re: How does Normal mode work in RA VPN?

Vladimir — Thu, 12 Apr 2018 14:52:24 GMT

"This IP has to be known by the GW and access has to be granted." I am not sure that this is an accurate statement.

The SecuRemote connects to the gateway identifying itself by the public IP of the router/gateway it is coming from.

I do not think that the GW should be in any way aware of either the public IP or the private IPs assigned to the SecuRemote clients.

I do believe that major limitation of SecuRemote is the lack of support for multiple clients (or concurrent connections) originating from behind the same public IP.

If I am wrong, please do correct my assumptions.

Re: How does Normal mode work in RA VPN?

G_W_Albrecht — Fri, 13 Apr 2018 06:57:13 GMT

"I do not think that the GW should be in any way aware of either the public IP or the private IPs assigned to the SecuRemote clients." - afaik VPN does not work if the peer is not known.

Major limitation of SecuRemote is that Office Mode is not supported.

Re: How does Normal mode work in RA VPN?

Vladimir — Fri, 13 Apr 2018 12:07:11 GMT

"VPN does not work if the peer is not known" if this were true, no mobile IPSec remote access solution would work

Yes, the Office Mode is not supported by SecuRemote, but this simply means that you loose the ability to control the IP addressing schema for remote clients and the possibility of conflicting encryption domains will be present.