Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Checkpoint vs. Cisco VPN Client

To: [email protected]
Subject: Re: [FW-1] Checkpoint vs. Cisco VPN Client
From: Jim Burwell <[email protected]>
Date: Thu, 24 Jan 2002 13:45:34 -0800
Organization: Broadvision, Inc
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

A lot of vendors now use UDP encapsulation for VPNs behind a NAT
device.  I'm pretty sure Nortel supports this, and so does Cisco.  We
use Redcreek and Ravlinsoft, which supports this fine also (sending this
mail from a RFC1918  IP box via an IPSEC tunnel through my Linux
iptables NAT firewall at home).

The newer SecureClient stuff from CP also seems to support NATed clients
also.  From reading over some sales stuff, it also looks like the new
stuff supports an 'office mode' which seems similar to the way the
Ravlinsoft client works.  It establishes an IPSEC tunnel with the
headed, then sets up a virtual interface on your box which is bound to
the IPSEC tunnel.  This interface gets assigned an IP from your company
via some means (DHCP for Ravlinsoft, not sure for CPNG), and appropriate
routes to your corporate network are established through this
interface.  This is nice because it gets rid of any odd routing issues
when your enterprise has multiple internet connections.  Makes things a
lot easier to manage since to your network, your remote VPN users just
look like internal LAN users.  But I digress :-).

- Jim

Chris Arnold wrote:

> SecuRemote most certainly does work behind a NAT device.
>
> Chris
>
> -----Original Message-----
> From: Gregg Graubins [mailto:[email protected]]
> Sent: Thursday, January 24, 2002 14.44
> To: [email protected]
> Subject: Re: [FW-1] Checkpoint vs. Cisco VPN Client
>
> > Okay, we have a new boss how loves Cisco and he thinks it is
> > the answer to all. So, he has already ruled that all
> > Site-to-Site VPNs are to be replace with Cisco gear. Now he
> > is asking about the client side of Checkpoint. So, I need
> > some strong facts as to why Checkpoint has a better VPN setup
> > for the client side than Cisco. Unfortunately I am not up on
> > Cisco products to much, but I hear that you can use
> > Microsoft's IPSEC client to connect to a Cisco VPN device
> > instead of using the Cisco client. I think this is the main
> > reason he wants to use Cisco. Can you use Windows 2K to
> > connect to Checkpoint or do I have to use the Checkpoint Client?
> >
> > Thanks,
> > Troy
>
> I remember that a fellow consulting buddy of mine showing me that he
> found Cisco's VPN client works behind a NAT whereas CP doesn't. (Of
> course I haven't played too much with CP's client too much yet)
>
> ===
> Gregg Graubins <[email protected]>
> (PGP key available)
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Checkpoint vs. Cisco VPN Client
  - From: Don <[email protected]>

References:
- Re: [FW-1] Checkpoint vs. Cisco VPN Client
  - From: Chris Arnold <[email protected]>

Prev by Date: Re: [FW-1] Checkpoint vs. Cisco VPN Client
Next by Date: Re: [FW-1] Checkpoint vs. Cisco VPN Client
Previous by thread: Re: [FW-1] Checkpoint vs. Cisco VPN Client
Next by thread: Re: [FW-1] Checkpoint vs. Cisco VPN Client
Index(es):
- Date
- Thread