Firewall Wizards mailing list archives

RE: Netscreen compatibility

From: "Melson, Paul" <PMelson () sequoianet com>
Date: Thu, 26 Aug 2004 09:51:52 -0400

Yes, the new versions of ScreenOS are backward compatible to most of the
older versions as far as site-to-site IPSec VPN tunnels go.

There are definite client compatibility issues.  Newer NetScreen clients
cannot connect to older NetScreen firewalls and so on.  (This has less
to do with IPSec and more to do with supported client authentication
mechanisms.)

Additionally, the NetScreen-10 and NetScreen-5XP are both EOL/EOS
products.  If you've got them running in production environments, you
should consider replacing them with something newer.  (Especially the
NS-10, which has known security flaws that have gone unfixed since it
was EOL-ed.)

PaulM

-----Original Message-----
I wonder if new Netscreen 5GTE are compatible with old 
Netscreen 10 or 5XP regarding VPN IPSec Tunnel.

Apparently, VPN IPSec Tunnel may be different from one 
construster to another (at last the interpretation of the 
standard IPSec). It seems that Microsoft IPSec client doesn't 
work well with Netscreen IPSec. Your opinion ?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Netscreen compatibility ROUMEGOUX Pierre (Aug 26)
- Re: Netscreen compatibility Peter Bruderer (Aug 27)
- <Possible follow-ups>
- RE: Netscreen compatibility Melson, Paul (Aug 27)
- RE: Netscreen compatibility ROUMEGOUX Pierre (Aug 28)
- RE: Netscreen compatibility Bruce Platt (Aug 28)