[vpn] checkpoint and sonicwall

[Scott Penno]

Similarly, I've used software clients from a number of vendors (including
TimeStep PERMIT/Client, Checkpoint, Windows 2000 and FreeBSD) to talk to
various hadware devices including those from Allied Telesyn, TimeStep,
Checkpoint and Cisco with a reasonable level of success.
I'm not sure about both the clients, but if they're both using IPSec and
are both attempting to bind to UDP port 500 for ISAKMP messages, then
someone is going to lose out.  If this is the case, I can't explain why it
has worked in the past.
If they are both using IPSec and you know the parameters for each device,
you should be able to use one of the clients to connect to both devices,
or failling that, configure the IPSec functionality within Windows 2000 to
connect to both boxes.

Scott.


----- Original Message -----
From: "Travis Watson" <rtwatson at qwest.net>
To: "fabian panthen" <panthen at gmx.net>
Cc: <vpn at securityfocus.com>
Sent: Saturday, June 22, 2002 11:53 AM
Subject: Re: [vpn] checkpoint and sonicwall


> I haven't seen anyone respond as yet, so I'll take a stab at it.
>
> Though I've never worked with Sonicwall, I've worked with several other
> IPSec VPN clients (including Checkpoint's) and I have yet to see two of
> them play nice with each other.
>
> I have seen the FreeS/WAN client play with both a Nortel Contivity,
> FreeBSD box and Linux box (latter two using FreeS/WAN, of course), but
> the Contivity had to be configured to use FreeS/WAN and, on the
> Contivity side, WINS was lost in the process (understandably), so it
> didn't do a whole lot of good for someone wanting to get to a bunch of
> Windows resources by DNS name.  The network was lacking anything Samba
> as well, so the FreeS/WAN wasn't much use either unless it was for UNIX
> sysads needing to do command line banging.  It was just a test, really.
>
> So, in short, I think you're screwed.  Sorry to the be the bringer of
> bad news, and I hope I'm wrong, but you are probably stuck having to go
> through install/reinstall hell unless you get a small hardware device of
> your own and eliminate the client software piece completely.  If this is
> a long term thing and necessary for work, you might be able to talk boss
> man into it--especially if others can use it.  A Netscreen 5xp (for
> example) retails at $495 with $150/yr support costs--not all too
> expensive, really.  Just a thought.
>
> Good luck.
>
> --Travis
>
>
>
> On Thu, 2002-06-20 at 04:46, fabian panthen wrote:
> > i'm just a developer, no vpn guru and have the following problem:
> >
> > i need simultaneous access to 2 remote sites, one accessed via
> > checkpoint scureclient and the other via sonicwall vpn client.
> > used to work fine with the crappy win me on my laptop but had to
switch
> > to win2k
> > for .net install. since the i can only have one or the other installed
> > for either one to work.
> > this makes developing very uneasy so the question is whether i can
> > access both
> > vpn's with only one client?
> > any experience?
> >
> > thx
> >
> > fabian
> >
> >
> > VPN is sponsored by SecurityFocus.com
> >
> >
>
>
>
> VPN is sponsored by SecurityFocus.com
>
>
>



VPN is sponsored by SecurityFocus.com