Firewall Wizards mailing list archives

RE: Netscreen compatibility


From: "ROUMEGOUX Pierre" <Pierre.ROUMEGOUX () criltechnology com>
Date: Thu, 26 Aug 2004 15:00:09 +0200

Thanks for your reply,

Netscreen NS-5GTE stands for NS-5GT Extended; it's a new product from Juniper/netscreen ref NS-5GT-205-AV.
It's more expensive (= 2538 EUR) than 5GT plus unlimited user ref NS-5GT-105-AV (1544 EUR).

It seems to me that it has about the same characteristics as the Netscreen 25 but is less powerful (less VPN tunnel=25 max, minor throughput= 75M fw 20M 3DES VPN...) but it has a DMZ and covers all the needs of my office (50 persons only, no High Availability required,...).

Thanks for sharing your experience of communication between the old 5XP and the 5GT; it's important information for me.

Question regarding interoperability with Microsoft: I think I will buy Netscreen client licences

The forums you talk about will be very useful.

Other experience over communication between 10 or 5XP and 5GT will be welcomed.

Regards,
Pierre

-----Original Message-----
From: Bruce Platt [mailto:Bruce () ei3 com]
Sent: Thursday, 26 August 2004 14:32
To: ROUMEGOUX Pierre; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Netscreen compatibility



I wonder if new Netscreen 5GTE are compatible with old 
Netscreen 10 or 5XP regarding VPN IPSec Tunnel.

Pierre,

To my knowledge there is no Netscreen model 5GTE, but there is a model 5GT.

I have been using these devices for some time now and they interoperate
extremely well both among members of the product family and with other
vendors. My experience does not allow me to answer your specific question
of whether a 5GT will make a VPN with a Netscreen 10, but I am certain it
will.

I do know from experience that the 5GT can make VPN with the model 5, the
model 5XP, and the 200 series models very easily.


Apparently, VPN IPSec Tunnel may be different from one 
constructor to another (at least the interpretation of the 
standard IPSec). It seems that Microsoft IPSec client doesn't 
work well with Netscreen IPSec. Your opinion?


Yes, different vendors often use different default Phase 1 and Phase 2
parameters.

What is nice about Netscreen VPN products is that it is very easy for one to
create a Phase 1 and Phase 2 proposal which will work with almost any other
vendor. I have created VPNs from Netscreens to Cisco Pix and to Symantec
firewalls and appliances.  Other folks have wider positive experience.

Specifically to your question regarding interoperability with Microsoft, I
point you to the following mailing list archives:

http://www.qorbit.net/nn/index.html

In the last week or so, there has been an extensive thread regarding how to
set up a VPN using the MS native client to a Netscreen.  This thread had some
very good instructions in it.

If you are new to Netscreens, you might want to subscribe to the nn mailing
list and also visit the Netscreen Forum at 

http://www.netscreenforum.com

Good luck and regards,

Bruce

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

