Layer4 Re: VPN Solution (WAS: ORBS (Re: Scanning))

Jon Mansey jon at
Mon May 28 14:37:00 UTC 2001

Does anyone know of a way to put layer 4 switching in front of a VPN 
client such that (for example) email and nntp don't get tunnelled 
while everything else does, or vice-versa?

We're probably talking Windows software here I know......


>> The VPN solutions I have used (e.g. Bay Networks, MS PPTP) send *every*
>> packet from the end user machine to the VPN end-point, not just selected
>> packets (like with SSH tunneling).
> If you want a commercial solution that does selective tunnelling - the
> FW-1 add-in (VPN-1) exports a "topography" file to the client at setup; this
> really consists of a list of subnets that the VPN will handle, and is set at
> the server side. Anything not on the topography list goes out via the dialup
> adaptor or network card as normal.

