[vpn] checkpoint and sonicwall

TKoopman at SonicWALL.com TKoopman at SonicWALL.com
Sat Jun 22 14:39:40 EDT 2002


Fabian, 

Travis has summed it up.

The Checkpoint SecureRemote client has not been successfully configured to connect to the SonicWALL VPN.  The SonicWALL VPN client is the Safenet client used by many vendors.  Look around to see if anyone has gotten the Safenet client to connect to a Checkpoint.

Most likely, there are some IPSEC parameters that need to be tweaked to get either of these clients to work.  If you do not have control and permissions to change security association parameters, then you probably won't succeed.

Travis does have the right suggestion.  Use a VPN firewall/appliance.  He suggests a Netscreen.  I suggest a SonicWALL TELE3.  And not just because I work for SonicWALL :).  Why introduce a third platform to deal with?

The SonicWALL can establish a tunnel to a Checkpoint.  This is documented on our website.  And you won't have any problems establishing a tunnel between your two SonicWALLs.  As long as one of the two endpoints has a static WAN IP address.

Best Regards

Todd Koopman
SonicWALL

-----Original Message-----
From: Travis Watson [mailto:rtwatson at qwest.net]
Sent: Friday, June 21, 2002 6:53 PM
To: fabian panthen
Cc: vpn at securityfocus.com
Subject: Re: [vpn] checkpoint and sonicwall


I haven't seen anyone respond as yet, so I'll take a stab at it.

Though I've never worked with Sonicwall, I've worked with several other
IPSec VPN clients (including Checkpoint's) and I have yet to see two of
them play nice with each other.

I have seen the FreeS/WAN client play with both a Nortel Contivity,
FreeBSD box and Linux box (latter two using FreeS/WAN, of course), but
the Contivity had to be configured to use FreeS/WAN and, on the
Contivity side, WINS was lost in the process (understandably), so it
didn't do a whole lot of good for someone wanting to get to a bunch of
Windows resources by DNS name.  The network was lacking anything Samba
as well, so the FreeS/WAN wasn't much use either unless it was for UNIX
sysads needing to do command line banging.  It was just a test, really.

So, in short, I think you're screwed.  Sorry to be the bringer of
bad news, and I hope I'm wrong, but you are probably stuck having to go
through install/reinstall hell unless you get a small hardware device of
your own and eliminate the client software piece completely.  If this is
a long term thing and necessary for work, you might be able to talk boss
man into it--especially if others can use it.  A Netscreen 5xp (for
example) retails at $495 with $150/yr support costs--not all too
expensive, really.  Just a thought.

Good luck.

--Travis



On Thu, 2002-06-20 at 04:46, fabian panthen wrote:
> i'm just a developer, no vpn guru and have the following problem:
> 
> i need simultaneous access to 2 remote sites, one accessed via
> checkpoint secureclient and the other via sonicwall vpn client.
> used to work fine with the crappy win me on my laptop but had to switch
> to win2k
> for .net install. since then i can only have one or the other installed
> for either one to work.
> this makes developing very uneasy so the question is whether i can
> access both
> vpn's with only one client?
> any experience?
> 
> thx
> 
> fabian
> 
> 
> VPN is sponsored by SecurityFocus.com
> 
> 


