Firewall Wizards mailing list archives

Re: Newbie VPN setup/configuration question


From: Tony Howlett <thowlett () netsecuritysvcs com>
Date: Thu, 18 Jul 2002 09:08:01 -0500

At 08:31 AM 7/18/2002 -0400, you wrote:
> SonicWall does work with other vendor VPN appliances. We have several running in a multi-vendor test network we use to teach VPNs at Networld/Interop, etc. The other vendor equipment includes CheckPoint, WatchGuard, Netscreen, and the products formerly known as the Nokia CryptoCluster (abandoned product line) and RapidStream (acquired by WatchGuard).

> The *trick* with multi-vendor VPNs is matching IKE and IPsec policies both ends support. We've been successful with SonicWall and other vendor equipment when we use IKE (pre-shared secrets, Diffie Hellman Group 2, SHA1, 3DES, Perfect Forward Secrecy, 8 hour lifetime) and IPsec (ESP, SHA1, 3DES). There is at least one documented bug in the SonicWall GUI that can throw you for a loop when you go the multivendor route, so visit the support site.

Again, I didn't say it wasn't possible, just that it might be fairly technical and difficult. I have worked with vendors such as Checkpoint who have a pretty decent support staff for these things and had problems. Now maybe someone with a deep technical background in VPNs or if they have a support contract with the vendor, then they could make it work. What gave me pause is that SMC is really more into consumer electronics and not likely to have a guy that even understands what IKE and IPSec mean, much less be of much help, at least in the first few levels of tech support. We have usually thrown up our hands and used an end-to-end SonicWall solution but maybe we are just lazy :-)

> SonicWall OEMs the SafeNet VPN client. This is a win32 software package and it's a very clean install. WatchGuard and Netscreen also OEM this client, as do several other VPN vendors.

An excellent solution that I didn't even think of. SonicWall sells the Windows VPN client for $75 but the S/Wan solutions and others would probably work also (emphasis on probably!)

Good Luck!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
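
The policy-matching step described in the quoted text above, as an added example that is not part of the original thread: it normalises the different spellings and units two vendors' GUIs may use for the same setting, then reports the fields that still differ. The field names, the alias table and all three peer configurations are constructed for illustration; only the target values (pre-shared secret, Group 2, SHA1, 3DES, PFS, 8 hour lifetime, ESP) come from the message.

```python
# Added example: normalise two peers' IKE/IPsec settings, then diff them.
# Field names, aliases and peer settings are constructed for illustration.

ALIASES = {  # different spellings of the same setting
    "3des-cbc": "3des", "des3": "3des",
    "hmac-sha1": "sha1", "sha-1": "sha1", "hmac-sha1-96": "sha1",
    "modp1024": "2",  # 1024-bit MODP group is IKE Diffie-Hellman Group 2
    "pre-shared key": "psk", "pre-shared secret": "psk",
    "yes": "on", "enabled": "on", "true": "on",
}
UNITS = {"s": 1, "m": 60, "h": 3600}

def norm(field, value):
    """Reduce one setting to a canonical string for comparison."""
    v = str(value).strip().lower()
    if field.endswith("lifetime"):  # "8h", "480m" or "28800" -> seconds
        return str(int(v[:-1]) * UNITS[v[-1]]) if v[-1] in UNITS else str(int(v))
    if field.endswith(".dh"):       # "Group 2" -> "2"
        v = v.replace("group", "").strip()
    return ALIASES.get(v, v)

def diff_policies(a, b):
    """Map each field that differs, or is missing on one side, to both values."""
    out = {}
    for f in sorted(a.keys() | b.keys()):
        va = norm(f, a[f]) if f in a else None
        vb = norm(f, b[f]) if f in b else None
        if va != vb:
            out[f] = (va, vb)
    return out

# Constructed peers: A and B express the post's policy in different notation.
PEER_A = {"ike.auth": "Pre-Shared Secret", "ike.dh": "Group 2",
          "ike.hash": "SHA1", "ike.enc": "3DES", "ike.pfs": "Enabled",
          "ike.lifetime": "8h", "esp.hash": "SHA1", "esp.enc": "3DES"}
PEER_B = {"ike.auth": "psk", "ike.dh": "modp1024",
          "ike.hash": "hmac-sha1", "ike.enc": "3des-cbc", "ike.pfs": "yes",
          "ike.lifetime": "28800", "esp.hash": "hmac-sha1-96", "esp.enc": "3des-cbc"}
# Constructed peer C: wrong DH group, shorter lifetime, PFS never set.
PEER_C = {"ike.auth": "psk", "ike.dh": "Group 5",
          "ike.hash": "sha1", "ike.enc": "3des",
          "ike.lifetime": "1h", "esp.hash": "sha1", "esp.enc": "3des"}

if __name__ == "__main__":
    print("A vs B:", diff_policies(PEER_A, PEER_B) or "policies match")
    for field, (left, right) in diff_policies(PEER_A, PEER_C).items():
        print(f"A vs C mismatch in {field}: {left!r} != {right!r}")
```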

