RE: [fw-wiz] Netscreen compatibility

• Previous message: Melson, Paul: "RE: [fw-wiz] VPN endpoints"
• Maybe in reply to: ROUMEGOUX Pierre: "[fw-wiz] Netscreen compatibility"
• Next in thread: Peter Bruderer: "Re: [fw-wiz] Netscreen compatibility"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <Pierre.ROUMEGOUX@criltechnology.com>, <firewall-wizards@honor.icsalabs.com>
Date: Thu, 26 Aug 2004 09:51:52 -0400

Yes, the new versions of ScreenOS are backward compatible to most of the
older versions as far as site-to-site IPSec VPN tunnels go.

There are definite client compatibility issues. Newer NetScreen clients
cannot connect to older NetScreen firewalls and so on. (This has less
to do with IPSec and more to do with supported client authentication
mechanisms.)

Additionally, the NetScreen-10 and NetScreen-5XP are both EOL/EOS
products. If you've got them running in production environments, you
should consider replacing them with something newer. (Especially the
NS-10, which has known security flaws that have gone unfixed since it
was EOL-ed.)

PaulM

> -----Original Message-----
> I wonder if new Netscreen 5GTE are compatible with old
> Netscreen 10 or 5XP regarding VPN IPSec Tunnel.
>
> Apparently, VPN IPSec Tunnel may be different from one
> construster to another (at last the interpretation of the
> standard IPSec). It seems that Microsoft IPSec client doesn't
> work well with Netscreen IPSec. Your opinion ?
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Melson, Paul: "RE: [fw-wiz] VPN endpoints"
• Maybe in reply to: ROUMEGOUX Pierre: "[fw-wiz] Netscreen compatibility"
• Next in thread: Peter Bruderer: "Re: [fw-wiz] Netscreen compatibility"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]