RE: [fw-wiz] Netscreen compatibility
From: ROUMEGOUX Pierre (Pierre.ROUMEGOUX_at_criltechnology.com)
Date: 08/26/04
- Previous message: Paul D. Robertson: "Re: [fw-wiz] IPv6 and IPSec"
- Maybe in reply to: ROUMEGOUX Pierre: "[fw-wiz] Netscreen compatibility"
- Next in thread: Bruce Platt: "RE: [fw-wiz] Netscreen compatibility"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <Bruce@ei3.com>, <firewall-wizards@honor.icsalabs.com> Date: Thu, 26 Aug 2004 15:00:09 +0200
Thanks for your reply,
Netscreen NS-5GTE stands for NS-5GT Extended; it's a new product from Juniper/netscreen ref NS-5GT-205-AV.
It's more expensive (= 2538 EUR) than 5GT plus unlimited user ref NS-5GT-105-AV (1544 EUR).
It seems to me that it has about the same caracteristics of the Netscreen 25 but is less powerfull (less VPN tunnel=25 max, minor throughput= 75M fw 20M 3DES VPN...) but it has a DMZ and covers all the needs of my office (50 persons only, no High Availability required,...).
Thanks for your return of experience over communication between old 5XP with 5GT, it's an important information for me.
Question regarding interoperability with Microsoft: I think I will buy Netscreen client licences
The forums you talk about will be very usefull.
Other experience over communication between 10 or 5XP and 5GT will be welcomed.
Regards,
Pierre
-----Message d'origine-----
De : Bruce Platt [mailto:Bruce@ei3.com]
Envoyé : jeudi 26 août 2004 14:32
À : ROUMEGOUX Pierre; firewall-wizards@honor.icsalabs.com
Objet : RE: [fw-wiz] Netscreen compatibility
>
> I wonder if new Netscreen 5GTE are compatible with old
> Netscreen 10 or 5XP regarding VPN IPSec Tunnel.
Pierre,
To my knowledge there is no Netscreen model 5GTE, but there is a model 5GT.
I have been using these devices for some time now and they interoperate
extremely well both among members of the product family and with other
vendors.
My experience does not allow me to answer your specific question
of whether a 5GT will make a VPN with a Netscreeen 10, but I am certain it
will.
I do know from experience that the 5GT can make VPN with the model 5, the
model 5XP,
and the 200 series models very easily.
>
> Apparently, VPN IPSec Tunnel may be different from one
> construster to another (at last the interpretation of the
> standard IPSec). It seems that Microsoft IPSec client doesn't
> work well with Netscreen IPSec. Your opinion ?
>
Yes, different vendors often use different default Phase 1 and Phase 2
parameters.
What is nice about Netscreen VPN products is that it is very easy for one to
create a
Phase 1 and Phase 2 proposal which will work with almost any other vendor.
I have
created VPNs from Netscreens to Cisco Pix and to Symantec firewalls and
appliances. Other folks have wider positive experience.
Specifically to your question regarding interoperability with Microsoft, I
point you to the following
mailing list archives:
http://www.qorbit.net/nn/index.html
In the last week or so, there has been an extensive thread regarding how to
set up a VPN using the MS native
client to a Netscreen. This thread had some very good instructions in it.
If you are new to Netscreens, you might want to subscribe to the nn mailing
list and also visit the Netscreen Forum at
Good luck and regards,
Bruce
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Paul D. Robertson: "Re: [fw-wiz] IPv6 and IPSec"
- Maybe in reply to: ROUMEGOUX Pierre: "[fw-wiz] Netscreen compatibility"
- Next in thread: Bruce Platt: "RE: [fw-wiz] Netscreen compatibility"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
