WatchGuard SOHO VPN to Raptor 6.0/6.5

Patrick Ethier patrick at SECUREOPS.COM
Thu Jun 1 15:50:42 EDT 2000


Hi Dave,


 It can't be IPsec compliant if it is a little off-center. My guess would be
to call SOHO and ask them if they have any known issues with talking to
Raptor. I've only played with RaptorMobile Client but I have not had a
chance to test IPsec on a Raptor gateway.

I'd say use a TCPDUMP to see what is going on in the IKE exchange but alas,
if the IKE SA and the IPsec SAs were set up then it relies on the
implementation of IPsec at either end of the tunnel.

Regards,

Patrick Ethier
patrick at secureops.com


-----Original Message-----
From: Dave Sroelov [mailto:dave at ascomputer.com]
Sent: Wednesday, May 31, 2000 7:53 PM
To: Patrick Ethier
Subject: Re: WatchGuard SOHO VPN to Raptor 6.0/6.5


patrick,

believe me, i would change a lot of configuration stuff on the SOHO if i
could.  the only problem is that you can't configure much of anything.  i do
know that it doesn't use AH.  i know this because i configured the raptor to
use it and then they wouldn't even start the tunnel.

considering that everyone says they are IPSEC/ISAKMP compatible, and the
SOHO doesn't work with checkpoint 4.0 but does with 4.1, i suspect the SOHO
is a little off center on its implementation.  checkpoint probably made an
"accommodation" strictly for market share.

thanks for getting back to me.

    dave



Patrick Ethier wrote:

> Hi Dave,
>
>  Try configuring both sides to not use AH and see what that will do. The
> problem might rely on the way that the SOHO does NAT. If it IPsecs and then
> NATs then this would explain your problem.
>
> -----Original Message-----
> From: Dave Sroelov [mailto:dave at ASCOMPUTER.COM]
> Sent: Saturday, May 27, 2000 3:47 PM
> To: VPN at SECURITYFOCUS.COM
> Subject: WatchGuard SOHO VPN to Raptor 6.0/6.5
>
> dear everyone,
>
> i have a need to connect a watchguard soho to a raptor firewall via the
> branch vpn option for the soho.  so far, after several hours of playing
> with this option, that option, and the other option, i have the two
> connected with a live tunnel.  however, it does have its problems, i.e.
> half the tunnel doesn't work.
>
> the following happens after the tunnel is up:
>
> 1. if i ping from a system on the raptor side to a system on the
> watchguard side, the packet goes to the raptor, over the tunnel to the
> watchguard, to the system on the other side, and gets there in one
> piece.  the receiving system sends out a reply packet, which goes to the
> watchguard, then to the raptor.  but the raptor says it has a bad
> checksum and dumps it.
>
> 2. if i ping from a system on the watchguard side to a system on the
> raptor side, the packet goes to the watchguard, over the tunnel to the
> raptor, and the raptor says it has a bad checksum and dumps it.
>
> since the tunnel is up, meaning that the authentication worked, i assume
> that the two boxes can talk to each other.  but for some reason, when
> the watchguard is encapsulating regular data packets, it is doing
> something just a little off center.
>
> any help would be greatly appreciated.
>
> thanks.
>
>     dave
>
> VPN is sponsored by SecurityFocus.COM
