Firewall Wizards mailing list archives
Sanity Check - Raptor-to-Cisco VPN plan
From: John Burgess <allegroceo () yahoo com>
Date: Tue, 7 Mar 2000 11:47:01 -0800 (PST)
After weeks of debate (me vs CIO) regarding how to best integrate data comm between two companies (lets call them "us" and "them") after a merger it looks like we are going to go for a VPN between our existing Internet circuits ( "us" has point-to-point to C&W; "them" has frame-relay to local ISP). "us" has a NT Raptor firewall, "them" has a Watchguard Firebox. Tried to setup a VPN between firewalls and although Raptor tech support was willing to help, Watchguard tech support refused to even log a call since it involved Raptor. Several attempts to create a VPN between the two firewall's failed. Internet searches revealed lot's of 'should be possible' hits, but no real meat. Gave up on this angle. Out of all the remaining possible solutions, CIO wants to do a VPN between Raptor and Cisco 1750 router. I found a how-to on firetower.com for the Raptor-Cisco VPN so it seems possible or probable that it could work. The circuits are 128K ("them") and 512K ("us") with approximately 250 nodes on the "us" side and 50 nodes on the "them" side. Cisco documentation says the 1750 can handle VPN for up to a 512K circuit. After the 1750 is in place at the "them" location, we will re-ip all their nodes to make "them" one of the "us" subnets, the new "them" router will be configured with Static NAT and PAT, access lists created to deny all non-VPN inbound traffic but SMTP, allow all outbound traffic, and the "them" firebox removed from service. Questions: 1) Has anyone actually made a Raptor to Watchguard VPN work? 2) Is the 1750 with IPSEC VPN going to be able to handle the load? 3) Does a Raptor-to-Cisco VPN really work? 4) Any good reason to leave the firebox in place? 5) If 3 is true, can it be made completely transparent to only traffic coming from the VPN endpoint on the 1750? All comments welcome and encouraged. John Burgess __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
Current thread:
- Sanity Check - Raptor-to-Cisco VPN plan John Burgess (Mar 08)
- Re: Sanity Check - Raptor-to-Cisco VPN plan Ryan Russell (Mar 13)
- RE: Sanity Check - Raptor-to-Cisco VPN plan John Burgess (Mar 13)
- Re: Sanity Check - Raptor-to-Cisco VPN plan Ryan Russell (Mar 13)