Shiva LanRover VPN

Kruse, Darren darren.kruse at EDS.COM
Wed Jan 19 18:15:45 EST 2000


Thomas,
I have over 12 months experience with the Shiva Lanrover VPN. We are using
it at several of our customer sites and are really happy with it.

First, you need to be using version 6.7 of the s/w. The client code is 6.7
patch 2 and the latest gateway code is 6.7 patch 3. The GUI manager is also
6.7 p3. Get this code from your Shiva rep before going any further.

We only use multiple remote user tunnels and I have also seen the same
problems when using the older code.
If it is W95 client, it MUST have the WINSOCK 2 patch.

Regarding the DHCP pool, we don't use true Microsoft DHCP, but instead
allocate a secondary IP address to the inside trusted interface on the vpn
gateway. For example, if the g/w is 123.123.123.2 , the nearest inside
router is 123.123.123.1 which leaves us with a pool from .3 up to .254 for
client IPs (assuming a /24)

I have not used certs , but are instead used Shiva access manager (RADIUS).
We alo have Secur-ID working well at another location. Both work exremely
well. You can get a 45 day eval of SAM 5.0 from the Shiva web site. One of
my collegues in the US also had the Lanrover working with Cisco Secure
(another RADIUS implementation)

I've attached a sanitized version of a g/w config. Just replace "inside" and
"outside" with the subnets you are using. Note the "another-inside-subnet"
for the secondary for the client IP's.

The client IPs don't have to be routable on the internet, just on the
trusted network - so you can use 10. or any addressing for client IP's that
you like.

Hope this helps,

regards,
Darren Kruse 
Advanced Communications Engineer
EDS (Australia)
tel: + 61 8 8301 5322 <<-- !! **Note new phone number** !!
PGP Fingerprint (valid to 31/12/2000) 
6CD809275B6777820D61888AF84DEF004AF40E9F mailto://darren.kruse@eds.com 



> -----Original Message-----
> From: Thomas J. Arseneault [mailto:arsen at GNAC.COM]
> Sent: Tuesday, January 18, 2000 8:01 AM
> To: VPN at SECURITYFOCUS.COM
> Subject: Shiva LanRover VPN
> 
> 
> Software version 6.6. I'm trying to get the single user 
> tunnel to work but
> it keeps complaining about "Can't assign Client IP". I have 
> tried turning
> off the "Client IP" check box to no avail. I'm unclear about 
> the use of the
> multiple tunnel config and am also wondering if that is what 
> I should be
> doing instead of a single tunnel. The initial tests are being 
> done with a
> single user but the active config will have multiple users 
> from multiple
> sites. We plan on using Certs once we get up and running but 
> the tests will
> be done with shared secret's.
> 
> Also how does one deal with DHCP address at the far end?
> 
> I'm sure I left out something important so if you all need 
> more information
> please feel free to ask for it. P.S. I have never gotten one 
> of these to
> work so I don't know what a working one looks like so 
> sanitized configs
> would come in handy. Thanks.
> 
> 
> **********************************************
> Tom Arseneault
> System Admin.
> Gnac Inc.
> arsen at gnac.com
> **********************************************
> 
> VPN is sponsored by SecurityFocus.COM
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: sanitized adlvpn01 january 13th 2000.cfg
Type: application/octet-stream
Size: 3737 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/vpn/attachments/20000120/6d7ecc55/attachment.obj 


More information about the VPN mailing list