Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Kumar
Participant

How does Normal mode work in RA VPN?

Hi All,

If Office mode is enabled Security gateway will assign a IP from the pool to Client.

If we are not enabling Office mode, how the traffic will flow in our network?

0 Kudos
7 Replies
Vladimir
Champion
Champion

I suspect that in the absence of the Office Mode supplied IPs, you'll simply end-up with conventional tunnel containing one encryption domains on each side. So the client will be aware of the networks behind the gateway and the gateway, about client's network.

0 Kudos
Kumar
Participant

If that might be the case, The IP address provided for the client (by ISP) may overlap with our organisation network.

0 Kudos
Vladimir
Champion
Champion

That’s the reason for Office Mode Smiley Happy

Vladimir Yakovlev

973.558.2738

vlad@eversecgroup.com

0 Kudos
G_W_Albrecht
Legend
Legend

Îf Office Mode is not used, the RA VPN client connects to the GW using its local IP. This IP has to be known by the GW and access has to be granted. SecuRemote, the licenseless CP RA VPN client always uses this kind of connection.

But this will not work if RA VPN clients get their IPs dynamically or their IP is changed from time to time / all 24 hours.

CCSE CCTE CCSM SMB Specialist
0 Kudos
Vladimir
Champion
Champion

"This IP has to be known by the GW and access has to be granted." I am not sure that this is an accurate statement.

The SecuRemote connects to the gateway identifying itself by the public IP of the router/gateway it is coming from.

I do not think that the GW should be in any way aware of either the public IP or the private IPs assigned to the SecuRemote clients.

I do believe that major limitation of SecuRemote is the lack of support for multiple clients (or concurrent connections) originating from behind the same public IP.

 

If I am wrong, please do correct my assumptions.

0 Kudos
G_W_Albrecht
Legend
Legend

"I do not think that the GW should be in any way aware of either the public IP or the private IPs assigned to the SecuRemote clients." - afaik VPN does not work if the peer is not known.

Major limitation of SecuRemote is that Office Mode is not supported.

CCSE CCTE CCSM SMB Specialist
0 Kudos
Vladimir
Champion
Champion

"VPN does not work if the peer is not known" if this were true, no mobile IPSec remote access solution would work Smiley Happy

Yes, the Office Mode is not supported by SecuRemote, but this simply means that you loose the ability to control the IP addressing schema for remote clients and the possibility of conflicting encryption domains will be present.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events