EasyClient

EasyClient is a feature of the Internet Gate that eases connection to IPSec servers.

When using a standard IPSec connection the subnets of all connecting clients must be different from each other.

When EasyClient is enabled outgoing packets are NAT-ed to the client gateway's global IP address before entering the IPSec tunnel. This way the client's subnet address is obscured and becomes unimportant. Thus the clients no longer need to all be on separate subnets.

You enable EasyClient on the IPSec Settings page, after clicking “Add” or “Edit/view” in the IPSec - Overview page (or advanced users on the VPN Connection Settings page).

A drawback using EasyClient is that while you can contact computers on the remote network, they cannot contact you. While this limitation is of no significance in most scenarios where you are a client connecting to a network, it still means you must disable EasyClient in connections where you are the server side, or in connections between equal parts. Also some applications that are not compatible with NAT might get problems. NAT

Therefore you are recommended to:

  • Enable EasyClient for connections where you are a client connecting to a server.
  • Disable EasyClient for connections where you are the server, or are equal to the other end


Configuring the remote end

If the other end of the IPSec connection is another brand than Internet Gate then configure it as if it would connect to a single PC running IPSec software, thus:

  • if there is a local network subnet address field to be specified, then leave it empty, or enter your client's global IP address, depending on brand.
  • if there is a local network subnet mask field, then leave it empty, or enter 255.255.255.255 depending on brand.
vpn/easyclient.txt · Last modified: 2010/11/22 12:31 by mats
CC Attribution-Noncommercial-Share Alike 3.0 Unported
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0