New Zealand ADSL Mailing List


RE: M10s & Checkpoint VPNs

From: Little, Craig <craig.little_at_ssi.co.nz>
Date: Fri, 2 Jun 2000 16:20:32 +1200
Message-ID: <6140CCCA3E1AD311A1AF0008C7FAC84BB2A0C7@WELS0023>

The M10 NAT screws around with the IPSec headers, and to date I haven't
found a suitable fix. There is light at the end of the tunnel though, if
you're willing to invest in the price of an internal modem, and you're
running NT. A cheap option when you consider the price of FW-1. there are
setup issues, and FW-1 behaves differently depending on the version you are
running. i'm currently looking into how to get the wan wrapper for the
internal modem to dial without having to log in. one alternative is to use
NT's auto-login feature - but there has to be a better way.

the modem setup has a few issues, as does the checkpoint install. i'm happy
to discuss if you want to pursue this option. I don't want to bore the rest
of the list with the tedious issues of installing checkpoint. we've been
running cp over adsl for about 4 months without problem.

on a related note, if there is enough interest in the installation issues
with the 3020 i'm happy to post to the list. the telecom contractors know
how to do the base install, but there are a few things that _usually_ ( but
not always ) go wrong.

Kind regards,

Craig Little BSc, CPD, CPI, SCJP, CCSA, CCSE
Inter-networking / Security Consultant

Shell Services International

Phone: +64 4 462 4661
Fax: +64 4 463 4060
Mobile: +64 21 37 5858
mailto:craig.little@ssi.co.nz
http://www.shellservices.com

> -----Original Message-----
> From: Don Stokes [mailto:don@daedalus.co.nz]
> Sent: Friday, 2 June 2000 3:58 p.m.
> To: adsl@freebsddiary.cx
> Subject: M10s & Checkpoint VPNs
>
>
> Folks,
>
> What's the latest on IPSec and M10s? I've got a client with a need
> to talk between two Firewall-1 boxes, one of which has a "proper" IP
> address, the other will (unless this proves to be a showstopper) be
> behind an M10 on ADSL.
>
> How do the latest M10 upgrades affect the position?
>
> Can Checkpoint's FWZ VPN protocol deal with the M10. The standards
> weenie in me would prefer to use IPSec, but the pragmatist in me is
> happy to use whatever works...
>
> On a related note, has anyone used the Checkpoint SecuRemote stuff
> through NAT boxes?
>
> -- don
>
> This message is part of the NZ Broadband mailing list.
> see http://freebsddiary.cx/adsl/ for archives, FAQ,
> and various documents.
> To unsubscribe: send mail to majordomo@freebsddiary.cx
> with "unsubscribe adsl" in the body of the message
>

This message is part of the NZ Broadband mailing list.
see http://freebsddiary.cx/adsl/ for archives, FAQ,
and various documents.
To unsubscribe: send mail to majordomo@freebsddiary.cx
with "unsubscribe adsl" in the body of the message
Received on Fri Jun 2 16:23:33 2000


This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:04 2006 EST