Firewall Wizards mailing list archives

Re: Newbie VPN setup/configuration question


From: Kathy Bieltz <kbieltz () hal-pc org>
Date: Thu, 18 Jul 2002 10:21:18 -0500

Dave,

Thanks for your info on how to set up and get a VPN connection
working.  My husband doesn't just transfer files, he displays back
to his Linux box the GUI interface for a Seismic Data processing
program that is very graphic intensive running on the computer
at work.  We use 'vncviewer' to speed up the graphic display to his
Linux box so he can pick velocities, etc.

Do you know anything about SMC's Barricade Plus ($109)?  It's cheaper
than SonicWALL TELE3 ($500).

Here's the hardware setup I envision - will this work?

work LAN
  |
SonicWALL
  |
 ISP
  .
internet
  .
  |
ISP
  |
DSL Modem
  |
SMC7004ABR Broadband router (VPN passthrough)
  |
Home  LAN
  |        |        |
  |        |       WinXP Computer (TCP/IP)
  |      Linux Computer (TCP/IP)
SMC7004FW Broadband router (VPN IPSEC & PPTP)
  |
Wireless AP
  |
Wireless NIC
  |
Linux computer (TCP/IP) running 'vncviewer'

Kathy Bieltz

Dave Piscitello wrote:

SonicWall does work with other vendor VPN appliances. We have several
running in a multi-vendor test network we use to teach VPNs at
Networld/Interop, etc. The other vendor equipment includes CheckPoint,
WatchGuard, Netscreen, and the products formerly known as the Nokia
CryptoCluster (abandoned product line) and RapidStream (acquired by
WatchGuard).

The *trick* with multi-vendor VPNs is matching IKE and IPsec policies both
ends support. We've been successful with SonicWall and other vendor
equipment when we use IKE (pre-shared secrets, Diffie Hellman Group 2,
SHA1, 3DES, Perfect Forward Secrecy, 8 hour lifetime) and IPsec (ESP, SHA1,
3DES). There is at least one documented bug in the SonicWall GUI that can
throw you for a loop when you go the multivendor route, so visit the
support site.

SonicWall OEMs the SafeNet VPN client. This is a win32 software package and
it's a very clean install. WatchGuard and Netscreen also OEM this client,
as do several other VPN vendors.

You can get a Free S/WAN client, open source and executables, for Linux.
I don't know of anyone who's tried this with a SonicWall, but check first
that you can configure the IKE and IPsec SA parameters I suggested above. I
know Free S/WAN supports raw public keys - Sonic does not, so crawl before
you walk.

Frankly, you'd probably spend less time creating a Win32 partition (dual
boot) on your husband's Linux box, or (better) install the SafeNet VPN
client on another Win32 machine in your house, and have him use SAMBA to
mount and transfer files between his Linux machine and the VPN client.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
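
Added example, not part of the original messages: a pre-flight check for the policy matching described in the quoted reply. It intersects what two gateways can be configured with and tests whether the IKE/IPsec parameter set named in that reply is usable on both. The two capability sheets and every function and key name are constructed for illustration and are not vendor data.

```python
"""Pre-flight check: find IKE/IPsec settings two VPN gateways both support."""

# Parameter set from the message above: IKE (pre-shared secret, DH group 2,
# SHA1, 3DES, PFS, 8 hour lifetime) and IPsec (ESP, SHA1, 3DES).
RECOMMENDED = {
    "ike": {"auth": "psk", "dh_group": 2, "hash": "sha1", "cipher": "3des",
            "pfs": True, "lifetime_s": 8 * 3600},
    "ipsec": {"protocol": "esp", "hash": "sha1", "cipher": "3des"},
}

# Constructed capability sheets for two hypothetical gateways (not vendor data).
GATEWAY_A = {
    "ike": {"auth": {"psk"}, "dh_group": {1, 2}, "hash": {"md5", "sha1"},
            "cipher": {"des", "3des"}, "pfs": {True, False},
            "lifetime_s": {3600, 28800}},
    "ipsec": {"protocol": {"esp", "ah"}, "hash": {"md5", "sha1"},
              "cipher": {"3des"}},
}
GATEWAY_B = {
    "ike": {"auth": {"psk", "raw_rsa_key"}, "dh_group": {2, 5},
            "hash": {"sha1"}, "cipher": {"3des"}, "pfs": {True},
            "lifetime_s": {28800}},
    "ipsec": {"protocol": {"esp"}, "hash": {"sha1"}, "cipher": {"3des"}},
}


def common_policy(a, b):
    """Return (shared, mismatches): per-parameter overlap and empty overlaps."""
    shared, mismatches = {}, []
    for phase in ("ike", "ipsec"):
        shared[phase] = {}
        for param in sorted(set(a[phase]) | set(b[phase])):
            overlap = a[phase].get(param, set()) & b[phase].get(param, set())
            shared[phase][param] = overlap
            if not overlap:
                mismatches.append((phase, param))
    return shared, mismatches


def supports(shared, policy):
    """True if every value in `policy` is in the shared set for that parameter."""
    return all(value in shared[phase].get(param, set())
               for phase, params in policy.items()
               for param, value in params.items())


if __name__ == "__main__":
    shared, bad = common_policy(GATEWAY_A, GATEWAY_B)
    print("mismatches:", bad or "none")
    print("recommended policy usable:", supports(shared, RECOMMENDED))
```

A peer restricted to raw public keys, paired with one that only accepts pre-shared secrets, shows up here as an `("ike", "auth")` mismatch before any tunnel is attempted.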

