Re: [fw-wiz] Newbie VPN setup/configuration question

From: Kathy Bieltz (kbieltz@hal-pc.org)
Date: 07/18/02


From: Kathy Bieltz <kbieltz@hal-pc.org>
To: Dave Piscitello <dave@corecom.com>
Date: Thu Jul 18 13:13:01 2002

Dave,

Thanks for your info on how to set up and get a VPN connection
working. My husband doesn't just transfer files, he displays back
to his Linux box the GUI interface for a Seismic Data processing
program that is very graphic intensive running on the computer
at work. We use 'vncviewer' to speed up the graphic display to his
Linux box so he can pick velocities, etc.

Do you know anything about SMC's Barricade Plus ($109)? It's cheaper
than SonicWALL TELE3 ($500).

Here's the hardware setup I envision - will this work?

work LAN
  |
SonicWALL
  |
 ISP
  .
internet
  .
  |
ISP
  |
DSL Modem
  |
SMC7004ABR Broadband router (VPN passthrough)
  |
Home LAN
  | | |
  | | WinXP Computer (TCP/IP)
  | Linux Computer (TCP/IP)
SMC7004FW Broadband router (VPN IPSEC & PPTP)
  |
Wireless AP
  |
Wireless NIC
  |
Linux computer (TCP/IP) running 'vncviewer'

Kathy Bieltz

Dave Piscitello wrote:

> SonicWall does work with other vendor VPN appliances. We have several
> running in a multi-vendor test network we use to teach VPNs at
> Networld/Interop, etc. The other vendor equipment includes CheckPoint,
> WatchGuard, Netscreen, and the products formerly known as the Nokia
> CryptoCluster (abandoned product line) and RapidStream (acquired by
> WatchGuard).
>
> The *trick* with multi-vendor VPNs is matching IKE and IPsec policies both
> ends support. We've been successful with SonicWall and other vendor
> equipment when we use IKE (pre-shared secrets, Diffie Hellman Group 2,
> SHA1, 3DES, Perfect Forward Secrecy, 8 hour lifetime) and IPsec (ESP, SHA1,
> 3DES). There is at least one documented bug in the SonicWall GUI that can
> throw you for a loop when you go the multivendor route, so visit the
> support site.
>
> SonicWall OEMs the SafeNet VPN client. This is a win32 software package and
> it's a very clean install. WatchGuard and Netscreen also OEM this client,
> as do several other VPN vendors.
>
> You can get a Free S/WAN client, open source and executables, for Linux.
> I don't know of anyone who's tried this with a SonicWall, but check first
> that you can configure the IKE and IPsec SA parameters I suggested above. I
> know Free S/WAN supports raw public keys - Sonic does not, so crawl before
> you walk.
>
> Frankly, you'd probably spend less time creating a Win32 partition (dual
> boot) on your husband's Linux box, or (better) install the SafeNet VPN
> client on another Win32 machine in your house, and have him use SAMBA to
> mount and transfer files between his linux machine and the VPN client.
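
Added example (not part of the original message or any vendor's code): a small Python check that mirrors the policy matching described in the quoted reply and reports which IKE or IPsec attribute causes each proposal to be rejected. The class and function names, the strict-equality rule and the client's offers are assumptions constructed for illustration.

```python
from dataclasses import dataclass, asdict, replace

@dataclass(frozen=True)
class IkePolicy:          # IKE (phase 1) attributes named in the message
    auth: str
    dh_group: int
    hash_alg: str
    cipher: str
    pfs: bool
    lifetime_s: int

@dataclass(frozen=True)
class EspPolicy:          # IPsec (phase 2) attributes named in the message
    protocol: str
    integrity: str
    cipher: str

# The combination the message reports as interoperable across vendors.
GATEWAY_IKE = IkePolicy("psk", 2, "sha1", "3des", True, 8 * 3600)
GATEWAY_ESP = EspPolicy("esp", "sha1", "3des")

# Constructed sample: proposals a hypothetical client sends, in preference order.
CLIENT_OFFERS = [
    replace(GATEWAY_IKE, auth="raw-rsa"),                  # raw public keys
    replace(GATEWAY_IKE, hash_alg="md5", lifetime_s=3600),
    GATEWAY_IKE,
]

def mismatches(offer, local):
    """Map each differing attribute to (offered value, local value)."""
    a, b = asdict(offer), asdict(local)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def negotiate(offers, acceptable):
    """Responder side: accept the first offer identical to a local policy.
    Assumption: every attribute, lifetime included, must match exactly; real
    implementations differ in how strictly they treat lifetimes.
    Returns (chosen or None, one mismatch dict per rejected offer)."""
    rejected = []
    for offer in offers:
        diffs = [mismatches(offer, local) for local in acceptable]
        if any(not d for d in diffs):
            return offer, rejected
        rejected.append(min(diffs, key=len, default={}))   # closest local policy
    return None, rejected

if __name__ == "__main__":
    chosen, rejected = negotiate(CLIENT_OFFERS, [GATEWAY_IKE])
    for n, diff in enumerate(rejected, 1):
        print(f"offer {n} rejected:", diff)
    print("accepted:", chosen)
```

DH Group 2, SHA1 and 3DES are the 2002-era values from the message and are considered legacy choices today.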


