This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN & Spoof

Hi,

I set up ssl vpn capabilities in this context :
DMZ network : 176.16.x.x
Internal : 192.168.x.x

My ssl client connect without a problem and i can do whateveer i want in the DMZ.
Now if i also want to do whatever i want in the Internal network, i have to set
"Spoof protection" to "off".

Can i use the "Spoof protection" but still using ssl vpn to access my internal network remotly ?

This thread was automatically locked due to age.

Parents

0 dswartz over 14 years ago

barry, I am confused. If he is using ssl, the ext interface will never see these packets, so how would a masq rule for ext do anything? my understanding is that a masq rule => INT will make the ssl client packets look like they came from the INT network, so the spoof stuff won't fire. am i misunderstanding something?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 dswartz over 14 years ago

barry, I am confused. If he is using ssl, the ext interface will never see these packets, so how would a masq rule for ext do anything? my understanding is that a masq rule => INT will make the ssl client packets look like they came from the INT network, so the spoof stuff won't fire. am i misunderstanding something?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Kynao over 14 years ago in reply to dswartz

barry, I am confused. If he is using ssl, the ext interface will never see these packets, so how would a masq rule for ext do anything? my understanding is that a masq rule => INT will make the ssl client packets look like they came from the INT network, so the spoof stuff won't fire. am i misunderstanding something?

Yes, i have the same understanding but i'm open to explanations i look as mysterious [:)]
For example i don't have masquerading on DMZ and it works which i look as unexpected if we continue to follow our logic.
Cancel
Vote Up 0 Vote Down

Cancel