Sanity Check - Raptor-to-Cisco VPN plan (fwd)

Tina Bird tbird at PRECISION-GUESSWORK.COM
Thu Mar 9 12:51:03 EST 2000


Hi all -- please reply directly to allegroceo at yahoo.com,
in case he doesn't subscribe to the VPN list.

t.

---------- Forwarded message ----------
Date: Tue, 7 Mar 2000 11:47:01 -0800 (PST)
From: John Burgess <allegroceo at yahoo.com>
To: firewall-wizards at nfr.net
Subject: Sanity Check - Raptor-to-Cisco VPN plan

After weeks of debate (me vs CIO) regarding how to
best integrate data comm between two companies (let's
call them "us" and "them") after a merger it looks
like we are going to go for a VPN between our existing
Internet circuits ("us" has point-to-point to C&W;
"them" has frame-relay to local ISP).  "us" has an NT
Raptor firewall, "them" has a Watchguard Firebox.
Tried to set up a VPN between firewalls and although
Raptor tech support was willing to help, Watchguard
tech support refused to even log a call since it
involved Raptor.  Several attempts to create a VPN
between the two firewalls failed.  Internet searches
revealed lots of 'should be possible' hits, but no
real meat.  Gave up on this angle.

Out of all the remaining possible solutions, CIO wants
to do a VPN between Raptor and Cisco 1750 router.  I
found a how-to on firetower.com for the Raptor-Cisco
VPN so it seems possible or probable that it could
work.

The circuits are 128K ("them") and 512K ("us") with
approximately 250 nodes on the "us" side and 50 nodes
on the "them" side.

Cisco documentation says the 1750 can handle VPN for
up to a 512K circuit.

After the 1750 is in place at the "them" location, we
will re-ip all their nodes to make "them" one of the
"us" subnets, the new "them" router will be configured
with Static NAT and PAT, access lists created to deny
all non-VPN inbound traffic but SMTP, allow all
outbound traffic, and the "them" firebox removed from
service.

Questions:

1) Has anyone actually made a Raptor to Watchguard VPN
work?
2) Is the 1750 with IPSEC VPN going to be able to
handle the load?
3) Does a Raptor-to-Cisco VPN really work?
4) Any good reason to leave the firebox in place?
5) If 3 is true, can it be made completely transparent
to only traffic coming from the VPN endpoint on the
1750?

All comments welcome and encouraged.

John Burgess

