Firewall Wizards mailing list archives
RE: Netscreen compatibility
From: "ROUMEGOUX Pierre" <Pierre.ROUMEGOUX () criltechnology com>
Date: Thu, 26 Aug 2004 15:00:09 +0200
Thanks for your reply, Netscreen NS-5GTE stands for NS-5GT Extended; it's a new product from Juniper/netscreen ref NS-5GT-205-AV. It's more expensive (= 2538 EUR) than 5GT plus unlimited user ref NS-5GT-105-AV (1544 EUR). It seems to me that it has about the same caracteristics of the Netscreen 25 but is less powerfull (less VPN tunnel=25 max, minor throughput= 75M fw 20M 3DES VPN...) but it has a DMZ and covers all the needs of my office (50 persons only, no High Availability required,...). Thanks for your return of experience over communication between old 5XP with 5GT, it's an important information for me. Question regarding interoperability with Microsoft: I think I will buy Netscreen client licences The forums you talk about will be very usefull. Other experience over communication between 10 or 5XP and 5GT will be welcomed. Regards, Pierre -----Message d'origine----- De : Bruce Platt [mailto:Bruce () ei3 com] Envoyé : jeudi 26 août 2004 14:32 À : ROUMEGOUX Pierre; firewall-wizards () honor icsalabs com Objet : RE: [fw-wiz] Netscreen compatibility
I wonder if new Netscreen 5GTE are compatible with old Netscreen 10 or 5XP regarding VPN IPSec Tunnel.
Pierre, To my knowledge there is no Netscreen model 5GTE, but there is a model 5GT. I have been using these devices for some time now and they interoperate extremely well both among members of the product family and with other vendors. My experience does not allow me to answer your specific question of whether a 5GT will make a VPN with a Netscreeen 10, but I am certain it will. I do know from experience that the 5GT can make VPN with the model 5, the model 5XP, and the 200 series models very easily.
Apparently, VPN IPSec Tunnel may be different from one construster to another (at last the interpretation of the standard IPSec). It seems that Microsoft IPSec client doesn't work well with Netscreen IPSec. Your opinion ?
Yes, different vendors often use different default Phase 1 and Phase 2 parameters. What is nice about Netscreen VPN products is that it is very easy for one to create a Phase 1 and Phase 2 proposal which will work with almost any other vendor. I have created VPNs from Netscreens to Cisco Pix and to Symantec firewalls and appliances. Other folks have wider positive experience. Specifically to your question regarding interoperability with Microsoft, I point you to the following mailing list archives: http://www.qorbit.net/nn/index.html In the last week or so, there has been an extensive thread regarding how to set up a VPN using the MS native client to a Netscreen. This thread had some very good instructions in it. If you are new to Netscreens, you might want to subscribe to the nn mailing list and also visit the Netscreen Forum at http://www.netscreenforum.com Good luck and regards, Bruce _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Netscreen compatibility ROUMEGOUX Pierre (Aug 26)
- Re: Netscreen compatibility Peter Bruderer (Aug 27)
- <Possible follow-ups>
- RE: Netscreen compatibility Melson, Paul (Aug 27)
- RE: Netscreen compatibility ROUMEGOUX Pierre (Aug 28)
- RE: Netscreen compatibility Bruce Platt (Aug 28)