Re: Newbie VPN setup/configuration question

["Paul D. Robertson" <proberts () patriot net>]

On Wed, 17 Jul 2002, Tony Howlett wrote:

> Kathy,
>
> Since the Sonicwall uses an IPSec VPN, it in theory possible to get some 
> software based VPN software for the linux box that will interoperate, in 
> reality, probably more trouble than it is worth.  Sonicwall claims to be 

"More trouble than it's worth" depends exactly on what trouble it's worth- 
and the interoperability is certainly more than theoretical.

> compatible with some major brands such as Firewall1 and raptor but ive 
> never tried to make this work.  I seriously doubt if they will support any 
> of the lower end consumer based firewalls or anything that runs on 
> linux.  Sorry to be the bearer of bad news but i work with Sonicwall alot 

IPSec is a standard, and ICSA Labs does IPSec testing- which includes 
security testing *and* interoperability testing.

SonicWALL is a tested/certified product, and therefore is able to 
interoperate with many other products.  This is an independently verified 
fact[1].  In the Labs, SonicWALL was tested against ten other certified 
products, each of which has been tested against a larger number of 
products for interoperability. 

http://www.icsalabs.com/html/communities/ipsec/lab/notes/10b/Sonicwall_Pro200_6300.shtml

> and they seem to only work with their own firewall VPN boxes.  Just thought 
> id save you alot of sweat and heartache

Now, with all that said, IPSec is a very difficult to understand 
protocol[2], and "will interoperate" doesn't mean "will interoperate 
seemlessly, or in every configuration."  However, with support from the 
person who configured the device and potentially from the vendor, getting 
something to interoperate shouldn't be too challenging given the 
reference set SonicWALL is known to interoperate with.  

Please note the following disclaimers:

I work for TruSecure.  TruSecure owns ICSA Labs.  SonicWALL is a customer 
of ICSA Labs.  This list is hosted at ICSA Labs.  I'm a list moderator for
this list[3].

Paul
[1] For this, of course you must believe in the objectivity of the Labs.  
Since I know and work with them, I certainly do.
[2] It's bad enough that sometimes different products from the same vendor 
are a challenge, but our interoperability testing has made that 
significantly less of an issue over the last few years.
[3] People are welcome to take issue with anything in this message either 
on or off list.
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards