|
|
|
In some cases, a connection type must be selected that flouts the recommendations in the previous topics.
If a client is accessible by public address and you select the With static NAT firewall type for this client, all the other ViPNet nodes (including the IP addresses server for this client) will see this client as a firewall (ie. the address of this client for external nodes will be turned into an address of a non-existent firewall). In this case, the connection is handled by the UDP protocol, including connections with the IP/241 protocol. Additionally, this network node becomes accessible through a special, so-called 'virtual' IP address. This can be very helpful when segmenting a network or making access rules based on IP addresses.
When a network node is in the same network segment as a coordinator, which is on the border of this segment, it's advisable to set this node so it works through this ViPNet coordinator (select ViPNet coordinator as the firewall type). At the same time, network nodes will work if you select another firewall type. For example, selecting the With static NAT or With dynamic NAT firewall types leads to the routing of encrypted traffic through another coordinator. (Note: You should set the IP address of this coordinator as a gateway in the network properties of the Windows operating system on your client's computer). This allows skilled administrators to create different routing rules.
If remote users (eg, home users), working through different NAT devices where it's impossible to set static rules of address translation, select the With dynamic NAT firewall type and enable the Direct all traffic with external hosts through IP addresses server feature, they will get more stable connections with resources in the ViPNet network. However, due to increased traffic on the IP addresses server, the speed of data exchange can slow down.
© 2007 Infotecs