Ascend Archive

(ASCEND) P75<->Max config question




  I have what seems like it should be a common configuration:

  ISP's MAX <--ISDN--> P75 <--P-P Ethernet--> *IX PC

  I have one static IP address allocated to me by my ISP (and getting two is
not an option). The problem is that I need to give my PC that IP address and
make the Pipeline sit happily in the middle.

  I set my Pipeline up with:

  Proxy ARP enabled
  My IP Address of 10.0.0.1/24
  Rem IP Address of x.x.x.50/24
  Static route of x.x.x.217/32 (my single IP address) via 10.0.0.2 (since the
    Pipeline doesn't appear to have any way to associate a route directly as
    interface-local)

  And my PC up with:

  IP addresses of x.x.x.217/24 and 10.0.0.2
  Default router x.x.x.50/24

  There's only one problem. My ISP's MAX is set up to authenticate IP addresses
too in order to prevent spoofing. The Pipeline sends its IP address, which is
10.0.0.1, and my account with the ISP expects x.x.x.217. So the MAX nukes the
call. If I set up the Pipeline with x.x.x.217 as its IP address, the call goes
through and packets go out... but they never come back to my PC because the
Pipeline thinks the packets are destined for it and doesn't forward them along.

  Can anyone suggest how to make this setup work? I know I could do this using
NAT, but between personally believing that NAT is evil incarnate (it breaks
many underlying assumptions in the Internet protocol suite) and needing to use
IPsec on my host (which doesn't get along well with NAT unless the NAT is also
the security gateway), it's really not a solution to my problem.

  Is there an option somewhere buried in the Pipeline (I tried all of the
fields under Session->..->IP Options) to say, "send this address for
authentication, but DO NOT treat it as a local interface address"?

  It seems like this shouldn't be an unreasonable configuration, but the
Pipeline is about one knob short of being able to make it work.

									-Craig

PS: Does anyone have a pointer to the correct location where one gets the hash
code to enable the beta IPsec code for the Pipeline? I was given a pointer
while talking with Ascend support this afternoon about another problem, but it
only gives me a skeletal white paper.
++ Ascend Users Mailing List ++