If Office Mode is enabled, the Security Gateway will assign an IP from the pool to the client.
If we are not enabling Office Mode, how will the traffic flow in our network?
I suspect that in the absence of the Office Mode supplied IPs, you'll simply end up with a conventional tunnel containing one encryption domain on each side. So the client will be aware of the networks behind the gateway, and the gateway of the client's network.
If that might be the case, the IP address provided for the client (by ISP) may overlap with our organisation network.
That’s the reason for Office Mode.
If Office Mode is not used, the RA VPN client connects to the GW using its local IP. This IP has to be known by the GW and access has to be granted. SecuRemote, the licenseless CP RA VPN client, always uses this kind of connection.
But this will not work if RA VPN clients get their IPs dynamically or their IP is changed from time to time / every 24 hours.
"This IP has to be known by the GW and access has to be granted." I am not sure that this is an accurate statement.
The SecuRemote connects to the gateway identifying itself by the public IP of the router/gateway it is coming from.
I do not think that the GW should be in any way aware of either the public IP or the private IPs assigned to the SecuRemote clients.
I do believe that a major limitation of SecuRemote is the lack of support for multiple clients (or concurrent connections) originating from behind the same public IP.
If I am wrong, please do correct my assumptions.
"I do not think that the GW should be in any way aware of either the public IP or the private IPs assigned to the SecuRemote clients." - afaik VPN does not work if the peer is not known.
Major limitation of SecuRemote is that Office Mode is not supported.
"VPN does not work if the peer is not known" - if this were true, no mobile IPSec remote access solution would work.
Yes, the Office Mode is not supported by SecuRemote, but this simply means that you lose the ability to control the IP addressing schema for remote clients and the possibility of conflicting encryption domains will be present.
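
Added example, not part of any post in this thread and not Check Point code: a Python check of the addressing conflicts discussed above, which arise when remote clients keep their own local IP instead of receiving one from a pool. All networks, client names and the pool range are constructed for illustration.

```python
import ipaddress

# Constructed sample values, not taken from the thread or a real deployment.
ENCRYPTION_DOMAIN = ["10.0.0.0/8", "192.168.1.0/24"]  # networks behind the gateway
OFFICE_MODE_POOL = "172.16.10.0/24"                   # hypothetical pool range
CLIENTS = {                                           # client -> local interface
    "alice-home": "192.168.1.23/24",
    "bob-home": "192.168.1.23/24",
    "hotel-wifi": "10.44.0.17/16",
    "mobile-hotspot": "172.20.10.2/28",
}

def domain_conflicts(domain, client_iface):
    """Encryption-domain networks that overlap the client's own LAN."""
    lan = ipaddress.ip_interface(client_iface).network
    return [n for n in domain if ipaddress.ip_network(n).overlaps(lan)]

def duplicate_sources(clients):
    """Local IPs used by more than one client; without a pool these
    clients present the same inner source address."""
    by_ip = {}
    for name, iface in clients.items():
        by_ip.setdefault(str(ipaddress.ip_interface(iface).ip), []).append(name)
    return {ip: names for ip, names in by_ip.items() if len(names) > 1}

def pool_is_disjoint(pool, domain, clients):
    """True if the pool overlaps neither the encryption domain nor any
    client LAN, so pool-assigned addresses stay unambiguous."""
    pool_net = ipaddress.ip_network(pool)
    nets = [ipaddress.ip_network(n) for n in domain]
    nets += [ipaddress.ip_interface(c).network for c in clients.values()]
    return not any(pool_net.overlaps(n) for n in nets)

if __name__ == "__main__":
    for name, iface in CLIENTS.items():
        print(name, iface, "conflicts with:", domain_conflicts(ENCRYPTION_DOMAIN, iface))
    print("duplicate local IPs:", duplicate_sources(CLIENTS))
    print("pool disjoint:", pool_is_disjoint(OFFICE_MODE_POOL, ENCRYPTION_DOMAIN, CLIENTS))
```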