[VPN] Solaris to Netscreen 50

Michael Ray miker at cotse.com
Tue Mar 23 09:44:15 EST 2004


On Mon, 22 Mar 2004 22:41:17 -0500, you wrote:

>
>Hello,
>
>I have a client that has a bunch of remote Solaris boxes that need to terminate into the corporate NS-50 firewall. Does anyone know of a VPN client off the shelf for Solaris that will work the the Netscreen boxes?

Cisco and F-Secure have clients for Solaris.
http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel401/401_clnt.htm
http://www.datafellows.com/products/vpnplus/ 

Sun also has IPSEC implemented on Solaris.

http://wwws.sun.com/software/whitepapers/solaris9/ipsec.pdf
http://wwws.sun.com/software/solaris/ds/ds-security/ds-security.pdf
http://wwws.sun.com/software/solaris/encryption/download.html

>Any help or ideas would be greatly appreciated.

I have not terminated Solaris to Netscreen but have done so
successfully with quite a few different OSes and IPSEC capable
devices. (Free/Open/NetBSD, various Linux distros and clients, Windows
2k, XP, 2003. Checkpoint, Cisco, Nortel, Cyberguard and I know I am
missing a couple others).

I suggest that you create custom Phase1 and Phase2 proposals. You will
also want to make sure your NAT traversal and mode is correctly set
(aggressive vs main) and supported on the Solaris side. I use VPN
monitor when I have the Netscreen connecting to a non-Netscreen device
as IKE-heartbeat is only for Netscreen to Netscreen.

Here are a few links on Solaris IPSEC, how-to, etc.

Three part Securityfocus article:
Configuring IPsec/IKE on Solaris, Part One 
http://www.securityfocus.com/infocus/1616

Configuring IPSec and Ike on Solaris, Part Two 
http://www.securityfocus.com/infocus/1625

Configuring IPsec and IKE on Solaris, Part Three 
http://www.securityfocus.com/infocus/1628

Cisco: Cisco VPN Client User Guide for Linux and Solaris
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_book09186a00801728a1.html

http://www.cisco.com/application/pdf/en/us/guest/products/ps2308/c1629/ccmigration_09186a008015cff4.pdf

Implementing IPSec in the SolarisTM 8 Environment
http://www.samag.com/documents/s=1323/sam0110c/0110c.htm

You can also find some knowledgebase articles on Netscreen's site. 

>Joel
<snip sig>

I hope that helps.

Mike




More information about the VPN mailing list