[FW-1] BEFVP41 - EtherFast Cable/DSL VPN Router VPN to Check Point NG FP1 - Partial Success

Everyone,

Has anyone used the VPN features in the LinkSYS BEFVP41 Cable/DSL VPN router?

LinkSys has a new Cable/DSL router with site to site VPN functionality. http://www.linksys.com/products/product.asp?grid=23&prid=411 As you might expect for a device that sells for $140 to $160, there are only two pages of VPN documentation. The good news is that I was able to build a VPN from the LinkSys VPN router to an NG FP1 firewall. The bad news is that I can only send traffic in one direction. I can ping any computer on the LAN from a computer behind the LinkSys VPN router.

The TestComputer can access anything on the ServerSegment or WorkstationSegment portion of the LAN. A user logged into a Linux server in the ServerSegment cannot ping the TestComputer. The firewall logs report "encryption failure: Encryption/Decryption Failure" when a user on LinuxServer telnets to TestComputer behind the LinkSys VPN router. The firewall logs report "encryption failure: no response from peer." when a user on LinuxServer pings TestComputer behind the LinkSys VPN router.

    ServerSegment        172.28.192.0/22
          |
    WorkstationSegment   172.28.200.0/22
    LinuxServer          172.28.200.1/22
          |
    FirewallLAN          172.28.208.0/22
          |
    DMZA                 172.28.212.0/22
          |
    InternetA            12.0.0.A/24
    InternetB            12.0.0.B/24 (Outside Encryption Domain)
          |
    LinkSysPublic        12.0.0.B1
    LinkSysPrivate       192.168.97.1
          |
    TestComputer         192.168.97.100

The current configuration would work fine for someone with a static IP address who does not need to access his home computer from the office. Please let me know if you have VPN access working in both directions with CP NG FP1 and the LinkSys VPN router. If someone wants more details about the test setup or logging information from the LinkSys VPN router, send me an e-mail.

The biggest problem I have with the LinkSys VPN device, when considered as an alternative to SecuRemote, is that there is no support for DHCP assigned IP addresses. If your cable modem loses its DHCP assigned IP address, the system administrator would need to enter the new IP address into the corporate firewall.

SofaWare is supposedly working on a "SecureClient like" feature for their S-Box. http://www.s-box.com/ The SofaWare solution may be ideal for corporate network administrators who want to provide a hardware VPN solution to employees. A SecureClient appliance priced around $300 would be attractive to many corporate power users. I can only assume that I'm not alone in having more than a few end users who have home networks with two to four computers, each with a different OS, and all benefiting from access to the corporate network.

Kevin Palmer