[AusNOG] Firewall authentication from Telstra 3G connections

James Sutherland james.sutherland at micron21.com
Wed Jun 20 12:44:40 EST 2012


Hi Ausnog,

Thanks for everyone's responses to this. In the end a Telstra rep got in touch to advise they have recently added PAT to their NAT for 3G, resulting in HTTPS and HTTP traffic getting different IPs to other traffic and causing a couple of similar issues. They have kindly added our IP ranges to bypass the PAT and the web authentication is now working as it was.

Kind regards,
James

-----Original Message-----
From: Chris Knight [mailto:stryqx at gmail.com] 
Sent: Friday, 15 June 2012 5:16 PM
To: James Sutherland
Subject: Re: [AusNOG] Firewall authentication from Telstra 3G connections

Hi James,

This has been happening for about two years now. Surprised you're just seeing this now.
Fixed up all of this mess by getting clients to request telstra.extranet APN access on all their accounts, or move to a Connect IP network setup. Where none of that was possible, tunnel everything over a single session encrypted link and firewall at the tunnel endpoint.

On 15 June 2012 12:51, James Sutherland <james.sutherland at micron21.com> wrote:
> Hi Ausnog,
>
> In the past couple of weeks we have started seeing issues with 
> customers connecting to firewall-authentication-protected servers via 
> Telstra 3G. From any other connection you browse to the gateway, enter 
> username and password, and the firewall temporarily opens the required 
> ports just for the IP you connected from. Recently though, from 
> Telstra 3G connections, it seems that http traffic to the 
> authentication page is sourced from a different IP to FTP, SSH etc 
> traffic so the cached authenticated IP doesn't match the traffic's 
> source IP and is dropped. This has been confirmed with several 
> different firewalls and customers. Has anyone else seen this or could shed some light on it?
>
> Kind regards,
>
> James



--
Regards,
Chris Knight
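
Added example, not part of the original thread: a log check a firewall operator could run to confirm the symptom described above, where a web login succeeds from one carrier address and FTP/SSH traffic is then dropped from a different address in the same NAT pool. The log format, field names, pool range and five-minute window are assumptions made for this example.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample log (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = """\
2012-06-15T12:00:01 AUTH_OK user=alice src=203.0.113.10 dport=443
2012-06-15T12:00:09 DROP src=203.0.113.77 dport=22
2012-06-15T12:00:12 DROP src=203.0.113.77 dport=21
2012-06-15T12:03:00 AUTH_OK user=bob src=198.51.100.5 dport=443
2012-06-15T12:03:04 ALLOW src=198.51.100.5 dport=22
2012-06-15T12:05:00 DROP src=192.0.2.200 dport=22
"""

# Assumed carrier NAT pool(s); replace with the ranges the carrier publishes.
CARRIER_POOLS = [ipaddress.ip_network("203.0.113.0/24")]
AUTH_WINDOW = timedelta(minutes=5)  # assumed lifetime of a cached authentication

def parse(line):
    """Split one log line into (timestamp, action, fields-dict)."""
    ts, action, *rest = line.split()
    fields = dict(kv.split("=", 1) for kv in rest)
    return datetime.fromisoformat(ts), action, fields

def pool_of(ip):
    """Return the carrier pool containing ip, or None if it is outside all pools."""
    addr = ipaddress.ip_address(ip)
    return next((n for n in CARRIER_POOLS if addr in n), None)

def find_split_nat(log_text):
    """Report drops that follow a login from a different IP in the same pool."""
    auths, findings = [], []  # auths holds (time, user, src, pool)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, f = parse(line)
        pool = pool_of(f["src"])
        if action == "AUTH_OK" and pool:
            auths.append((ts, f["user"], f["src"], pool))
        elif action == "DROP" and pool:
            for a_ts, user, a_src, a_pool in auths:
                in_window = timedelta(0) <= ts - a_ts <= AUTH_WINDOW
                if a_pool == pool and a_src != f["src"] and in_window:
                    findings.append((user, a_src, f["src"], int(f["dport"])))
    return findings

if __name__ == "__main__":
    for user, auth_ip, drop_ip, port in find_split_nat(SAMPLE_LOG):
        print(f"{user}: login from {auth_ip}, port {port} dropped from {drop_ip}")
```

The check only reports the mismatch; it does not widen the firewall rule to the whole pool, which would admit every other subscriber behind the same NAT.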