solaris -> nt -> vpn

Azim.Ferchichi at SWISSCOM.COM Azim.Ferchichi at SWISSCOM.COM
Wed Dec 15 03:42:05 EST 1999


Hi,
The Trustworks company sells IPSEC server for Solaris machine. So if U have
to set up a secure connection between this solaris machine (your dev
server), and a partner site, you only need to buy the IPSEC software for
solaris machine which costs around 2,000 US$. The first thing U have to
check it's if the partner's VPN is IPSEC compliant or not. If it is then you
can work with the product I mentionned (and other same products should
exist).  Of course you will have to open the port for IKE in the firewall
and let pass the IPSEC traffic between the 2 machines... Another problem is
the management. As VPN management is not standardised, it's quite sure that
it won't be possible to manage your IPSEC server with the management tools
of your partner's VPN. But you will be able to manage your IPSEC dev server
directly from the console (if any), and maybe it's better for U because you
keep control on the security of your machine, even if it's part of a
partner's VPN....

Concerning the solution you mentionned "NT router with VPN software",
theoretically it's possible, but we had in the past some surprise with the
routing and NT, and I think if you want to avoid problems you better choose
the solution I mentioned...

Hope it helps

Azim Ferchichi
___________________
CIT-CT-TPM
IT security and Smart-cards
Swisscom AG
CH-3050 BERN
Phone: +41 31 342 09 22
Mobile: +41 79 301 55 56
Fax:      +41 31 342 00 08
______________________

> ----------
> From: 	Indiana Zephyr[SMTP:aldiss at cjas.org]
> Sent: 	mardi, 14. décembre 1999 23:54
> To: 	VPN at SECURITYFOCUS.COM
> Subject: 	solaris -> nt -> vpn
> 
> If anyone out there could provide comments and pointers on the following,
> thanks much in advance.  obviously I'm a beginner, so not sure why I got
> stuck with this, but anyway...
> 
> My company needs to connect to someone else's VPN.  Both networks are
> behind CheckPoint FW-1.  Instead of setting up a VPN server on our end
> (which we probably can't afford) we're going to try connecting using a VPN
> client, the way many laptop users connect using dialup networking.  The
> trick is, it's our dev server (Solaris) which needs to trade data through
> the VPN link. Currently only NT VPN clients are available (aside: does
> anyone know if F-Secure's VPN client would work with CheckPoint's VPN or
> is there proprietary stuff going on?).
> 
> Someone came up with the great idea of setting up an NT box as a router
> and installing the NT VPN client on there, then routing all traffic from
> the Solaris box through the NT VPN client.  Does this sound possible to
> people on this newsgroup?  I'd like a sanity check here.  Theoretically it
> sounds like we can implement it, but who knows.  Thanks for your help.
> 
> VPN is sponsored by SecurityFocus.COM
> 

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list