
Re: [FW-1] Linksys & VPN-1




 
An even better solution for multiple remote users (i.e., SOHO) would be to purchase the Linksys BEFVP41 VPN Router. This 4-port router allows for a site-to-site VPN tunnel. I have several remote locations that are using Solaris, Linux and Windows through this BEFVP41 router. The throughput is decent, and only $119.00 online.

Mike


-----Original Message-----
From: Andrea Coppini
To: [email protected]
Sent: 8/29/02 11:53 AM
Subject: Re: [FW-1] Linksys & VPN-1

I might be wrong, but I think the client doesn't have to be in the Linksys DMZ. You just need to enable IPSec Passthru and SPI. We also had 2 users doing SecuRemote through the same Linksys (this is with FW 4.1, IKE, DES, SHA1, UDP Encap., and Linksys firmware at the latest and greatest).

Sidenote: I have personally seen around 15-20 (that's twenty) users doing SecuRemote through a single IP at a small remote office we have. The router there is a Windows 2000 RRAS doing NAT to a single IP (with no special configuration)... You might want to swap the Linksys with a 2k box.

-----Original Message-----
From: John Chalifoux [mailto:[email protected]]
Sent: 29 August 2002 4:20 PM
To: [email protected]
Subject: Re: [FW-1] Linksys & VPN-1


I got this from Phoneboy's web site.....

How do I make SecuRemote work through a LinkSys Cable/DSL router?

LinkSys routers can pass SecuRemote connections provided the following is true:
1. Firewall should be at version 4.1 SP3 or above.
2. Firewall and users are both defined to use IKE (not FWZ) with 3DES encryption and SHA1 authentication (MD5 doesn't work).
3. Secure Client is configured to use IKE as its default encryption scheme. UDP Encapsulation is highly recommended, but not required.
4. Linksys router has firmware version 1.39 or above and one of the following enabled (not all options work in all situations):
* Enable the DMZ feature for the host doing SecuRemote
* Enable port forwarding for port 500 to the PC doing the VPN
* Enable port triggering on port 500 (no need to specify which machine)
* Enable SPI (Stateful Packet Inspection) mode
* Enable IPSec Passthru



-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of
Hernandez,
Moses
Sent: Thursday, August 29, 2002 8:29 AM
To: [email protected]
Subject: Re: [FW-1] Linksys & VPN-1

You mean what version of the SecureRemote Client or which version of the Checkpoint Firewall? In any case, here is what we are using on the Firewall: Checkpoint FW-1 4.1 Build 41821. We are also using SecureRemote 4.1 SP5 (Build 4199), which must be what you are referring to. Interestingly enough, we are not having the Client access the Nokia 650 (we have 2 650's and one 330 acting as a backup). One of the 650's is our firewall, the other is just VPN. I know this configuration is wrong, don't ask me, I just inherited this. Question is, though, the VPNs are not going in through the IP of the ethernet interface of the Nokia but rather the management server IP address. Could this be the issue? Why would it only affect Bellsouth PPPOE customers?


-----Original Message-----
From: Miller, Curt A. [mailto:[email protected]]
Sent: Tuesday, August 27, 2002 2:30 PM
To: [email protected]
Subject: Re: [FW-1] Linksys & VPN-1


Moses,

We had the same problem until we upgraded our SR. What build are you using? It is mentioned in the release notes of SR that it supports PPPOE as of that release. I think it was 4199.

Curt

-----Original Message-----
From: Hernandez, Moses [mailto:[email protected]]
Sent: Tuesday, August 27, 2002 11:48 AM
To: [email protected]
Subject: Re: [FW-1] Linksys & VPN-1


I'm having serious problems as well. I am in an area where the major TelCo is the big DSL provider. They use PPPOE (thank you bellsouth.net). None of my users can connect so far. The issue, I think, is they may be blocking VPN unless you have the Business class service. Will the SofaWare solution fix this? We are going to try and demo it and see. I am wondering only because I think the SofaWare box may use PPTP and not IPSec. Anyone have a similar theory?


-----Original Message-----
From: Lars Troen [mailto:[email protected]]
Sent: Tuesday, August 27, 2002 9:54 AM
To: [email protected]
Subject: Re: [FW-1] Linksys & VPN-1


Yes. It uses UDP 2946 and TCP or UDP 500. This is not valid for site-to-site VPNs, only client VPNs (SecuRemote/SecureClient).

Lars

> -----Original Message-----
> From: Andrea Coppini [mailto:[email protected]]
> Sent: Tuesday, August 27, 2002 11:45
> To: [email protected]
> Subject: Re: [FW-1] Linksys & VPN-1
>
>
> I would also like to know this.
>
> -----Original Message-----
> From: Rob Patrick [mailto:[email protected]]
> Sent: 27 August 2002 12:45 AM
> To: [email protected]
> Subject: Re: [FW-1] Linksys & VPN-1
>
>
> Some VPN solutions allow tunneling the IPSEC packets across UDP or TCP.
>
> Cisco VPN, as one example, allows the user to tunnel IPSEC through either UDP or TCP packets - just set the gateway appliance with a given port (default is 10000) and you're running with a VPN solution that traverses most firewalls (especially when using TCP) and carriers like Comcast can't block (you could tunnel out port 80 or whatever is known open).
>
> Does VPN-1 provide any capability to transparently tunnel IPSEC across either TCP or UDP?
>
> ----- Original Message -----
> From: "Scott Friedman" <[email protected]>
> To: <[email protected]>
> Sent: Monday, August 26, 2002 3:31 PM
> Subject: Re: [FW-1] Linksys & VPN-1
>
>
> > Also find out what kind of broadband connection he has. I called Comcast and they informed me that they are blocking VPNs on their cable networks for Home users (the NON-Pro version).
> >
> > If they are, he will be able to get the topology of the site but won't be able to Key Exchange when it tries to encrypt.
> >

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================




 
   All contents © 2004 Network Presence, LLC. All rights reserved.