[vpn] vpn planning

Christopher Gripp cgripp at axcelerant.com
Wed Mar 6 00:59:51 EST 2002


These boxes are in fact VPN capable.  Supporting 3DES, IKE, etc. etc.  Haven't tested them yet though.  So this isn't a recommendation.

-----Original Message-----
From: Watson, Travis [mailto:Travis.Watson at Honeywell.com]
Sent: Tuesday, March 05, 2002 5:29 PM
To: 'mcse4dave at yahoo.com'; vpn at securityfocus.com
Subject: RE: [vpn] vpn planning


I'm not absolutely positive, but I would bet a lot of money that these routers will only pass T-DES traffic--the VPN
termination would still be with a host behind them (say, a FreeS/WAN box).  If you find out differently, however, please
let me know because it would be very interesting for SOHO users.

--Travis

-----Original Message-----
From: mcse4dave at yahoo.com [mailto:mcse4dave at yahoo.com]
Sent: Wednesday, February 27, 2002 9:12 AM
To: vpn at securityfocus.com
Subject: Re: [vpn] vpn planning


Hi All,

I was wondering if anybody knows if there is any security issues using this
new VPN Router from Linksys (
http://www.linksys.com/Products/product.asp?grid=23&prid=411 )
They claim it can support up to 70 tunnels at once.
Could they be used instead of more difficult/expensive dedicated servers and
such?
Has anyone tried these?
Seems to me a proper link could be built for about $300.00 ( 2x$150 each )
and it seems very easy to configure.

Thanks,
David Hennessey



----- Original Message -----
From: "Travis Watson" <rtwatson at qwest.net>
To: "Steve Hunt" <stephen_hunt at sunguru.com>
Cc: <vpn at securityfocus.com>
Sent: Tuesday, February 26, 2002 10:26 PM
Subject: RE: [vpn] vpn planning



I'm not sure what you are running on the other side, but if you are running
FreeS/Wan on both sides (or at least two IPSec capable devices), no client
software is necessary.  The VPN device will make the distant end look and
function like a logical extension of the existing LAN and vice-versa.

Two notes:
--FreeS/Wan can only do one subnet per secure connection.  So if you need to
get to 5.5.0.0/16 and 6.6.0.0/16, it will require two different tunnels.
Not a big deal, but just so you know.
--IPX is bad juju with IPSec.  If there is any Novel involved, try to
eliminate it or upgrade to 5.1

After the tunnel is up, just have the internal routers point remote end IPs
back to the inside IP of the VPN device, and you should be set.

Regards,

Travis


-----Original Message-----
From: Steve Hunt [mailto:stephen_hunt at sunguru.com]
Sent: Tuesday, February 26, 2002 3:47 PM
To: vpn at securityfocus.com
Subject: [vpn] vpn planning




Hi,  I'm planning to install a vpn so that two of our  locations can share
the same database,and access  each other's local network shares.  I had
planned to use free s/wan with a linux firewall  like ipchains for this,
setting up a NAT with firewalling  rules,then setting up the vpn on that
machine.  After  doing some reading, I see that there's probably more  to
it.  For example,do I need some kind of Windows  vpn client for the windows
workstations?  Is there  anyway to make the vpn transparent to the user,such
that any traffic to the remote LAN is automatically  routed through the vpn?
What are some general recommendations,as in what  software should I use, how
to integrate firewalling into  a vpn solution, sample hardware and software
setups?  Thanks for any info, pointers etc yall can provide!  Steve

VPN is sponsored by SecurityFocus.com



VPN is sponsored by SecurityFocus.com



VPN is sponsored by SecurityFocus.com

VPN is sponsored by SecurityFocus.com


VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list