cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

How does Normal mode work in RA VPN?

Hi All,

If Office mode is enabled Security gateway will assign a IP from the pool to Client.

If we are not enabling Office mode, how the traffic will flow in our network?

0 Kudos
7 Replies
Vladimir
Pearl

Re: How does Normal mode work in RA VPN?

I suspect that in the absence of the Office Mode supplied IPs, you'll simply end-up with conventional tunnel containing one encryption domains on each side. So the client will be aware of the networks behind the gateway and the gateway, about client's network.

0 Kudos

Re: How does Normal mode work in RA VPN?

If that might be the case, The IP address provided for the client (by ISP) may overlap with our organisation network.

0 Kudos
Vladimir
Pearl

Re: How does Normal mode work in RA VPN?

That’s the reason for Office Mode Smiley Happy

Vladimir Yakovlev

973.558.2738

vlad@eversecgroup.com

0 Kudos

Re: How does Normal mode work in RA VPN?

Îf Office Mode is not used, the RA VPN client connects to the GW using its local IP. This IP has to be known by the GW and access has to be granted. SecuRemote, the licenseless CP RA VPN client always uses this kind of connection.

But this will not work if RA VPN clients get their IPs dynamically or their IP is changed from time to time / all 24 hours.

0 Kudos
Highlighted
Vladimir
Pearl

Re: How does Normal mode work in RA VPN?

"This IP has to be known by the GW and access has to be granted." I am not sure that this is an accurate statement.

The SecuRemote connects to the gateway identifying itself by the public IP of the router/gateway it is coming from.

I do not think that the GW should be in any way aware of either the public IP or the private IPs assigned to the SecuRemote clients.

I do believe that major limitation of SecuRemote is the lack of support for multiple clients (or concurrent connections) originating from behind the same public IP.

 

If I am wrong, please do correct my assumptions.

0 Kudos

Re: How does Normal mode work in RA VPN?

"I do not think that the GW should be in any way aware of either the public IP or the private IPs assigned to the SecuRemote clients." - afaik VPN does not work if the peer is not known.

Major limitation of SecuRemote is that Office Mode is not supported.

0 Kudos
Vladimir
Pearl

Re: How does Normal mode work in RA VPN?

"VPN does not work if the peer is not known" if this were true, no mobile IPSec remote access solution would work Smiley Happy

Yes, the Office Mode is not supported by SecuRemote, but this simply means that you loose the ability to control the IP addressing schema for remote clients and the possibility of conflicting encryption domains will be present.

0 Kudos