[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Checkpoint vs. Cisco VPN Client
A lot of vendors now use UDP encapsulation for VPNs behind a NAT device. I'm pretty sure Nortel supports this, and so does Cisco. We use Redcreek and Ravlinsoft, which supports this fine also (sending this mail from a RFC1918 IP box via an IPSEC tunnel through my Linux iptables NAT firewall at home). The newer SecureClient stuff from CP also seems to support NATed clients also. From reading over some sales stuff, it also looks like the new stuff supports an 'office mode' which seems similar to the way the Ravlinsoft client works. It establishes an IPSEC tunnel with the headed, then sets up a virtual interface on your box which is bound to the IPSEC tunnel. This interface gets assigned an IP from your company via some means (DHCP for Ravlinsoft, not sure for CPNG), and appropriate routes to your corporate network are established through this interface. This is nice because it gets rid of any odd routing issues when your enterprise has multiple internet connections. Makes things a lot easier to manage since to your network, your remote VPN users just look like internal LAN users. But I digress :-). - Jim Chris Arnold wrote: > SecuRemote most certainly does work behind a NAT device. > > Chris > > -----Original Message----- > From: Gregg Graubins [mailto:[email protected]] > Sent: Thursday, January 24, 2002 14.44 > To: [email protected] > Subject: Re: [FW-1] Checkpoint vs. Cisco VPN Client > > > Okay, we have a new boss how loves Cisco and he thinks it is > > the answer to all. So, he has already ruled that all > > Site-to-Site VPNs are to be replace with Cisco gear. Now he > > is asking about the client side of Checkpoint. So, I need > > some strong facts as to why Checkpoint has a better VPN setup > > for the client side than Cisco. Unfortunately I am not up on > > Cisco products to much, but I hear that you can use > > Microsoft's IPSEC client to connect to a Cisco VPN device > > instead of using the Cisco client. I think this is the main > > reason he wants to use Cisco. Can you use Windows 2K to > > connect to Checkpoint or do I have to use the Checkpoint Client? > > > > Thanks, > > Troy > > I remember that a fellow consulting buddy of mine showing me that he > found Cisco's VPN client works behind a NAT whereas CP doesn't. (Of > course I haven't played too much with CP's client too much yet) > > === > Gregg Graubins <[email protected]> > (PGP key available) > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|