Firewall Wizards mailing list archives

Re: Sanity Check - Raptor-to-Cisco VPN plan


From: Ryan Russell <ryan () securityfocus com>
Date: Thu, 9 Mar 2000 10:45:03 -0800 (PST)

On Tue, 7 Mar 2000, John Burgess wrote:

Internet circuits ("us" has point-to-point to C&W;
"them" has frame-relay to local ISP).  "us" has an NT
Raptor firewall, "them" has a Watchguard Firebox.
Tried to set up a VPN between firewalls and although
Raptor tech support was willing to help, Watchguard
tech support refused to even log a call since it
involved Raptor.  Several attempts to create a VPN
between the two firewalls failed.  Internet searches
revealed lots of 'should be possible' hits, but no
real meat.  Gave up on this angle.


Failed how?  My personal experience has been that some ISPs (either yours,
or one in-between) will block some kinds of traffic.  This can result in
things like IPSec or GRE just not arriving.  I ask how it broke because
if you're having that problem, then you're likely to be frustrated by a
wide variety of VPN types.  Just to make things fun, the occasional
topology change will cause your VPN traffic to cross an ISP that blocks,
so you may have intermittent failures.  Joy.

                                        Ryan

(On my list of things to do in my copious spare time is modify a version
of traceroute to use an arbitrary IP type.  I'm pretty sure I could use
such a tool to tell which router is blocking which traffic type.)
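
The idea in the postscript above, as an added example that is not part of the original post and not Ryan's code: a traceroute-style probe that sends an arbitrary IP protocol number and compares the answering hops against a UDP baseline. It assumes Linux raw sockets, root privileges and an IPv4 literal as destination; the function names and the TEST-NET addresses are hypothetical.

```python
import socket
import struct
import time

ESP, GRE = 50, 47   # IANA protocol numbers for the IPSec/GRE traffic in the post

def parse_icmp_error(pkt):
    """Parse a packet read from a raw ICMP socket (outer IPv4 header included).
    Returns (icmp_type, quoted_proto, quoted_dst, quoted_payload) or None."""
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 8 + 20 or pkt[ihl] not in (3, 11):
        return None                      # not unreachable / time exceeded
    inner = pkt[ihl + 8:]                # quoted original IPv4 header + 8 bytes
    inner_ihl = (inner[0] & 0x0F) * 4
    dst = socket.inet_ntoa(inner[16:20])
    return pkt[ihl], inner[9], dst, inner[inner_ihl:inner_ihl + 8]

def probe(dst, proto, ttl, token, timeout=2.0):
    """Send one packet of IP protocol `proto` at the given TTL (needs root).
    `dst` is a dotted-quad address. Returns the answering router or None."""
    # 8 bytes that routers quote back; also a valid UDP header when proto is 17
    payload = struct.pack("!HHHH", token, 33434 + ttl, 8, 0)
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, proto) as tx, \
         socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as rx:
        tx.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
        tx.sendto(payload, (dst, 0))
        deadline = time.monotonic() + timeout
        try:
            while (left := deadline - time.monotonic()) > 0:
                rx.settimeout(left)
                pkt, (src, _) = rx.recvfrom(1500)
                hit = parse_icmp_error(pkt)
                if hit and hit[1:] == (proto, dst, payload):
                    return src
        except socket.timeout:
            pass
    return None

def first_silent_hop(baseline, tested):
    """Each list holds the responder per TTL (index 0 = TTL 1), None = silence.
    Returns the first TTL from which `tested` never answers while the
    baseline protocol still does, or None if no such hop exists."""
    for i, base in enumerate(baseline):
        if base and not any(tested[i:]):
            return i + 1
    return None

if __name__ == "__main__":               # constructed target from TEST-NET-3
    udp = [probe("203.0.113.9", socket.IPPROTO_UDP, t, 4242) for t in range(1, 16)]
    esp = [probe("203.0.113.9", ESP, t, 4242) for t in range(1, 16)]
    print("ESP goes silent at hop", first_silent_hop(udp, esp))
```

The hop it reports is the first router the tested protocol fails to reach, so the filter sits on that router or on the one just before it. Silence at the final hop alone is not conclusive, since an endpoint may not answer ESP or GRE with any ICMP error.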


