[VPN] Recommendations

Travis Watson travis at traviswatson.com
Mon Apr 12 21:47:38 EDT 2004


Dana,

I guess I'm not quite following.  Are you talking about outbound IPSec client 
connections?  That shouldn't be a problem at all unless you tweaked the MTU 
to a small size on purpose.  You aren't trying to PAT outbound connections, 
are you?

--Travis

On Monday 12 April 2004 08:43 am, Dana J. Dawson wrote:
> One issue I've had with Netscreen firewalls in the past is that I've
> never managed to get them to support IPSec pass-thru for generic IPSec
> clients through the Netscreen in router mode with PAT (i.e. not using
> NAT-Traversal or any other type of TCP/UDP encapsulation of the IPSec
> traffic).  Is this a known limitation of the Netscreen, or is there a
> trick I haven't found?  I haven't tried the latest software, so maybe
> this is no longer an issue - the last version I've tried is 4.0.3r3.0
> in a 5XP.
>
> Dana
>
> Travis Watson wrote:
> > Paul,
> >
> > You've already received some good recommendations and I don't mean to
> > pour it on, but you may want to look at m0n0wall as well for the smaller
> > site--particularly if management is cheap (http://m0n0.ch/wall/).  It's
> > pretty cool stuff and the price is right.
> >
> > Having said that, I usually lean toward Netscreen.  They are very
> > reasonable in price, solid, and easy to manage.  The only caution I would
> > give you is that the 5-series has the 10 user and "unlimited" option for
> > VPN.  Ten nodes through a tunnel can happen pretty quickly and the
> > unlimited option just about doubles the price.  The 10 user limitation is
> > for VPN only, however, not general connectivity.
> >
> > Good luck.
> >
> > --Travis
> >
> > On Thursday 08 April 2004 08:39 pm, Paul R. Yaskowski wrote:
> > > I'm looking to set up a site-to-site VPN to replace a
> > > leased line used solely for AS/400 access. I have a couple questions as to
> > > what I should get.
> > >
> > > The main office consists of about 25 users with static SDSL. The remote
> > > office is about 5 users with dynamic ADSL.
> > >
> > > I've looked at the PIX-501, but I've always been a little scared of
> > > per-user licensing. If I purchased a 10-user PIX-501, and set it behind the
> > > SDSL at the main office, it would only allow 10 users to get Internet
> > > access?
> > >
> > > No matter what product I choose, would a site-to-site VPN work with a
> > > static address on one side and a dynamic on the other?
> > >
> > > Would any PIX handle PPPoE with a dynamically assigned IP?
> > >
> > > The company is cost-conscious, and I've looked at the PIX-506E, without the
> > > per-user licensing, but it is 50% more.
> > >
> > > Any comments or suggestions as to which products I should look at would be
> > > a great boon to me. I prefer Cisco products, because I am familiar with
> > > their interface, but am flexible.
> > >
> > > I would appreciate any help with this, I had Cisco certs back in the
> > > heyday, but I worked with them so rarely that I let the certs expire.
> > >
> > > Paul
> > >
> > > _______________________________________________
> > > VPN mailing list
> > > VPN at lists.shmoo.com
> > > http://lists.shmoo.com/mailman/listinfo/vpn



