Re: Multipoint VPN access, but secure - SonicWALL? Other hardware?

From: dude...you got a dell (dude@yougotadell.com)
Date: 08/28/02


From: "dude...you got a dell" <dude@yougotadell.com>
Date: Tue, 27 Aug 2002 23:31:10 GMT

Seems to me that using PCAnywhere at EVERY client computer at EVERY site
would get a little expensive, wouldn't it?

"David Bodhi" <only_junk_mail2002@yahoo.com> wrote in message
news:62b6168e.0208270805.72a636cb@posting.google.com...
> We have various clients currently using SonicWALL security appliances.
> Our goal is to set up a VPN or VPNs that allow our technicians, at any
> VPN site, access to any other client network for maintainance. The
> access we want is not just to the SonicWALL, but also to the computers
> on the internal network at each site, using PCanywhere.
>
> We're told by SonicWALL tech support that, by using the built-in Group
> VPN and configuring each client site to be part of that group, that
> the different "branches" of the VPN would not be able to see each
> other's computers when browsing their Network Neighborhood, but, by
> enabling the PCanywhere filter, we'd be able to connect to them as
> long as we know the internal IP address of the machine we're after.
> The SonicWALL security settings are pretty good and we can set the
> security at maximum, so, presumably, sites would still be well
> protected from outsiders.
>
> A few questions still exist:
>
> *Is* Group VPN the best way to approach this issue?
>
> Since many of our clients are using cable or DSL connections where the
> WAN IP address of the SonicWALL *might* change, we're looking for a
> way to make the VPN configuration more permanent. SonicWALL tells us
> that the unique identifying name of the specific appliance is not
> available to use to set up the VPN.
>
> Does anyway know of a way to ensure the VPN connection, even with DHCP
> providing the IP addresses? Other hardware besides the SonicWALL?
>
> Would we be better off, security-wise, enabling and disabling a VPN on
> the fly, when maintainance is needed, rather than leaving the
> PCanywhere access open? Again, here we run into the potential problem
> of IP addresses changing.
>
> Presumably a contact person at a customer site could check the WAN IP
> address of their SonicWALL, if that changes, but we'd like something
> less dependent on human beings, if possible.
>
> Does anyone have any suggestions?



Relevant Pages

  • Re: WRT54GL with DD-WRT VPN firmware - wheres the beef?
    ... There is no "server" of any real ... Netgear Prosafe VPN client works well with Sonicwalls in a GroupVPN SA using ... even have access to another Sonicwall, ...
    (alt.internet.wireless)
  • Re: Hub and Spoke configuration, or something better, using SonicWALL?
    ... > can be at any remote client node and be able to access and manage the ... > We install SonicWALL Tele or Soho security appliances at our client ... > less-transparent configuration for greater security. ... GroupVPN is used with the Windows VPN Client, not in a hub and spoke ...
    (comp.security.firewalls)
  • RE: VPN Question
    ... The usual issue is that the firewall the client is behind is ... At the VPN server (in your case, the SonicWall), ... the "envelope" source IP address had been altered by the NAT, ...
    (Security-Basics)
  • Re: Sonicwall VPN: Phase 2 failures Anyone know of a good resource for Sonicwall VPN support?
    ... > establish a VPN into the Sonicwall using the Client software ver 8.x ... There are issues with the licensing with 6.5.x.x firmware and VPN client licenses that you will need to address with sonicwall. ...
    (comp.security.firewalls)
  • Unable to establish communications with Sonicwall
    ... I have installed Sonicwall Global VPN Client v 2.1.0.111 on a Win98SE ... I also have installed PCAnywhere on this PC. ... have an SBC T1 into Sonicwall Pro 200 into our network. ...
    (comp.security.firewalls)