Firewall Wizards mailing list archives
Re: Newbie VPN setup/configuration question
From: Dave Piscitello <dave () corecom com>
Date: Thu, 18 Jul 2002 08:31:13 -0400
SonicWall does work with other vendor VPN appliances. We have several running in a multi-vendor test network we use to teach VPNs at Networld/Interop, etc. The other vendor equipment includes CheckPoint, WatchGuard, Netscreen, and the products formerly known as the Nokia CryptoCluster (abandoned product line) and RapidStream (acquired by WatchGuard).
The *trick* with multi-vendor VPNs is matching IKE and IPsec policies both ends support. We've been successful with SonicWall and other vendor equipment when we use IKE (pre-shared secrets, Diffie Hellman Group 2, SHA1, 3DES, Perfect Forward Secrecy, 8 hour lifetime) and IPsec (ESP, SHA1, 3DES). There is at least one documented bug in the SonicWall GUI that can throw you for a loop when you go the multivendor route, so visit the support site.
SonicWall OEMs the SafeNet VPN client. This is a win32 software package and it's a very clean install. WatchGuard and Netscreen also OEM this client, as do several other VPN vendors.
You can get a Free S/WAN client, open source and executables, for Linux. I don't know of anyone who's tried this with a SonicWall, but check first that you can configure the IKE and IPsec SA parameters I suggested above. I know Free S/WAN supports raw public keys - Sonic does not, so crawl before you walk.
Frankly, you'd probably spend less time creating a Win32 partition (dual boot) on your husband's Linux box, or (better) install the SafeNet VPN client on another Win32 machine in your house, and have him use SAMBA to mount and transfer files between his linux machine and the VPN client.
At 08:17 PM 7/17/2002 -0500, Tony Howlett wrote:
Kathy,

Since the Sonicwall uses an IPSec VPN, it is in theory possible to get some software based VPN software for the linux box that will interoperate, in reality, probably more trouble than it is worth. Sonicwall claims to be compatible with some major brands such as Firewall1 and raptor but I've never tried to make this work. I seriously doubt if they will support any of the lower end consumer based firewalls or anything that runs on linux. Sorry to be the bearer of bad news but I work with Sonicwall a lot and they seem to only work with their own firewall VPN boxes. Just thought I'd save you a lot of sweat and heartache.

PS. Since work is requiring the VPN connection, why won't they spring for the VPN router? Sonicwall has a low end telecommuter model for about $500 that will do the job.

Good Luck!

At 01:10 PM 7/17/2002 -0500, you wrote:

Hi,

My husband's work has installed a SonicWALL firewall, previously they were using a Linux system for their firewall. My husband was previously able to log into work via our DSL connection at home through a hole in the firewall set up for his static IP.

The new sys admin would like us to ideally get a SonicWALL firewall with VPN tunneling at home so we could use a VPN connection to get into work. But I'd like to avoid spending the money if possible. At home we have an SMC7004ABR Barricade router that is capable of VPN pass through. Is it possible to set up some VPN software on the Linux box my husband uses at home to launch a VPN connection with his work? The other PCs on our home network would still use TCP/IP and I'd like to use TCP/IP on my husband's Linux box when he is not logged into his work to surf the net and download updates to his operating system. Is this possible? If so, pointers to documents and VPN software that would allow me to do this would be appreciated.

Thanks!
Kathy Bieltz
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
David M. Piscitello
Core Competence, Inc.
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com
hhi.corecom.com/~yodave/
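
The policy matching described in the message above, as an added example that is not part of the original thread: it models IKE transform selection as exact per-attribute matching and, when nothing matches, reports which setting differs on the closest candidate. The peer policy `PEER_B` and all function names are constructed for illustration; lifetime and PFS are left out of the comparison.

```python
# Added example, not from the original message. PEER_B and its values are constructed.
from itertools import product

# The IKE policy named in the message: pre-shared secret, DH group 2, SHA1, 3DES.
MESSAGE_IKE = {"auth": "psk", "dh_group": 2, "hash": "sha1", "cipher": "3des"}
ATTRS = ("auth", "dh_group", "hash", "cipher")

def negotiate(offers, accepted):
    """Return the first offered transform that the responder accepts
    attribute-for-attribute, or None (the NO-PROPOSAL-CHOSEN case)."""
    for offer in offers:
        for policy in accepted:
            if all(offer[a] == policy[a] for a in ATTRS):
                return offer
    return None

def closest_miss(offers, accepted):
    """For a failed negotiation, return (offer, policy, differing_attrs) for the
    pair that differs in the fewest attributes, i.e. the setting to fix first.
    Returns None when either side has no transforms configured."""
    best = None
    for offer, policy in product(offers, accepted):
        diff = [a for a in ATTRS if offer[a] != policy[a]]
        if best is None or len(diff) < len(best[2]):
            best = (offer, policy, diff)
    return best

# Constructed responder: same family of algorithms, but no DH group 2 transform.
PEER_B = [
    {"auth": "psk", "dh_group": 1, "hash": "sha1", "cipher": "3des"},
    {"auth": "psk", "dh_group": 5, "hash": "md5", "cipher": "3des"},
]

def explain(offers, accepted):
    """Summarise the negotiation outcome as one line of text."""
    chosen = negotiate(offers, accepted)
    if chosen:
        return "match: " + ", ".join(f"{a}={chosen[a]}" for a in ATTRS)
    miss = closest_miss(offers, accepted)
    if miss is None:
        return "no transforms configured on one side"
    offer, policy, diff = miss
    return "no common transform; closest differs in: " + ", ".join(
        f"{a} (local {offer[a]}, peer {policy[a]})" for a in diff)

if __name__ == "__main__":
    print(explain([MESSAGE_IKE], PEER_B))
    print(explain([MESSAGE_IKE], PEER_B + [dict(MESSAGE_IKE)]))
```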