Firewall Wizards mailing list archives
Re: Sanity Check - Raptor-to-Cisco VPN plan
From: Ryan Russell <ryan () securityfocus com>
Date: Thu, 9 Mar 2000 10:45:03 -0800 (PST)
On Tue, 7 Mar 2000, John Burgess wrote:
> Internet circuits ("us" has point-to-point to C&W; "them" has frame-relay to local ISP). "us" has a NT Raptor firewall, "them" has a Watchguard Firebox. Tried to set up a VPN between firewalls and although Raptor tech support was willing to help, Watchguard tech support refused to even log a call since it involved Raptor. Several attempts to create a VPN between the two firewalls failed. Internet searches revealed lots of 'should be possible' hits, but no real meat. Gave up on this angle.

Failed how? My personal experience has been that some ISPs (either yours, or one in-between) will block some kinds of traffic. This can result in things like IPSec or GRE just not arriving. I ask how it broke because if you're having that problem, then you're likely to be frustrated by a wide variety of VPN types. Just to make things fun, the occasional topology change will cause your VPN traffic to cross an ISP that blocks, so you may have intermittent failures. Joy.

Ryan

(On my list of things to do in my copious spare time is modify a version of traceroute to use an arbitrary IP type. I'm pretty sure I could use such a tool to tell which router is blocking which traffic type.)
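
As an added example, not part of the original message and not the poster's own tool: the core of a traceroute that probes with an arbitrary IP protocol number, matches ICMP Time Exceeded replies to its probes, and compares the result with an ordinary trace to find where the protocol stops arriving. All function names are hypothetical, the addresses are constructed from documentation ranges, and `wrap_reply` only builds sample input.

```python
import socket
import struct

# IANA IP protocol numbers: GRE, plus the two IPSec protocols (ESP and AH).
PROTOCOLS = {"GRE": 47, "ESP": 50, "AH": 51}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length byte string."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_probe(src, dst, proto, ttl, ident, payload=bytes(8)) -> bytes:
    """IPv4 header carrying the chosen protocol number and TTL, plus payload."""
    fields = [0x45, 0, 20 + len(payload), ident, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload

def parse_time_exceeded(packet: bytes):
    """Return (router, quoted protocol, quoted ident) for an ICMP type 11 reply, else None."""
    if len(packet) < 20:
        return None
    ihl = (packet[0] & 0x0F) * 4
    quoted = packet[ihl + 8:]  # ICMP errors quote the IP header of the expired packet
    if len(quoted) < 20 or packet[9] != socket.IPPROTO_ICMP or packet[ihl] != 11:
        return None
    return socket.inet_ntoa(packet[12:16]), quoted[9], struct.unpack("!H", quoted[4:6])[0]

def locate_filter(baseline: dict, probe: dict):
    """Compare {ttl: router} maps from an ordinary trace and a protocol-specific trace.

    Returns (last router that saw the probe, next router that should have), or None
    when every baseline hop also answered the probe. Silence can also mean ICMP
    rate limiting, so repeat the trace before blaming a hop.
    """
    last = max((t for t in baseline if t in probe), default=0)
    missing = sorted(t for t in baseline if t > last)
    return (baseline.get(last), baseline[missing[0]]) if missing else None

def wrap_reply(router: str, dst: str, expired: bytes) -> bytes:
    """Constructed sample input: the ICMP Time Exceeded a router would send back."""
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + expired[:28]
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    return build_probe(router, dst, socket.IPPROTO_ICMP, 64, 0, icmp)
```

Sending the probes for real needs a raw socket with `IP_HDRINCL` and the privileges that go with it; the functions above cover the packet construction and reply matching around that step.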