
[FW-1] BEFVP41 - EtherFast Cable/DSL VPN Router VPN to Check Point NG FP1 - Partial Success


  • To: [email protected]
  • Subject: [FW-1] BEFVP41 - EtherFast Cable/DSL VPN Router VPN to Check Point NG FP1 - Partial Success
  • From: "Palmer, Kevin" <[email protected]>
  • Date: Fri, 25 Jan 2002 16:31:56 -0500
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcGl57bwHb4wbA4xRzyukvh7i4iFNw==
  • Thread-topic: BEFVP41 - EtherFast Cable/DSL VPN Router VPN to Check Point NG FP1 - Partial Success

Everyone,
 
Has anyone used the VPN features in the LinkSYS BEFVP41 Cable/DSL VPN router?
 
LinkSys has a new Cable/DSL router with site to site VPN functionality. http://www.linksys.com/products/product.asp?grid=23&prid=411 As you might expect for a device that sells for $140 to $160, there are only two pages of VPN documentation. The good news is that I was able to build a VPN from the LinkSys VPN router to an NG FP1 firewall. The bad news is that I can only send traffic in one direction. I can ping any computer on the LAN from a computer behind the LinkSys VPN router.
 
The TestComputer can access anything on the ServerSegment or WorkstationSegment portion of the LAN. A user logged into a Linux server in the ServerSegment can not ping the TestComputer. The firewall logs report "encryption failure: Encryption/Decryption Failure" when a user on LinuxServer telnets to TestComputer behind the LinkSys VPN router. The firewall logs report "encryption failure: no response from peer." when a user on LinuxServer pings TestComputer behind the LinkSys VPN router.
 
ServerSegment 172.28.192.0/22
|
WorkstationSegment 172.28.200.0/22
LinuxServer 172.28.200.1/22
|
FirewallLAN 172.28.208.0/22
|
DMZA 172.28.212.0/22
|
InternetA 12.0.0.A/24
InternetB 12.0.0.B/24 (Outside Encryption Domain)
|
LinkSysPublic 12.0.0.B1
LinkSysPrivate 192.168.97.1
|
TestComputer 192.168.97.100

The current configuration would work fine for someone with a static IP address who does not need to access his home computer from the office. Please let me know if you have VPN access working in both directions with CP NG FP1 and the LinkSys VPN router.

If someone wants more details about the test setup or logging information from the LinkSys VPN router, send me an e-mail.

The biggest problem I have with the LinkSys VPN device, when considered as an alternative to SecuRemote, is that there is no support for DHCP assigned IP addresses. If your cable modem loses its DHCP assigned IP address, the system administrator would need to enter the new IP address into the corporate firewall.

SofaWare is supposedly working on a "SecureClient like" feature for their S-Box. http://www.s-box.com/ The SofaWare solution may be ideal for corporate network administrators who want to provide a hardware VPN solution to employees. A SecureClient appliance priced around $300 would be attractive to many corporate power users. I can only assume that I'm not alone in having more than a few end users who have home networks with two to four computers, each with a different OS, and all benefiting from access to the corporate network.

Kevin Palmer
Network Engineer - MCSE+I, CCSE, CCNA
Granite Solutions, Inc.



 
   All contents © 2004 Network Presence, LLC. All rights reserved.