 From:  "Garry Taylor" <gtaylor at proxim dot com>
 To:  <mono at ricerage dot org>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPSEC Clients that work with m0n0wall
 Date:  Tue, 23 Mar 2004 18:37:57 +0800
There is a difference between a client that runs on a PC under Windows
and connections that are VPN server to VPN server (which I call branch
to branch). Most vendors provide their client software (Windows
application) for free, however they cripple it to work with only their
VPN servers. Cisco do it and Nortel do it, and I guess that the others
also do it.

When you take a look at connecting different VPN servers together, that's
a different story, as some level of interwork is always assured
providing the vendors follow the relevant RFCs. What you find at the URL
below is a list of other vendors' VPN servers that can interwork with
Cisco VPN servers. This is nothing to do with client software.

Regards
Garry Taylor 

-----Original Message-----
From: Brian [mailto:mono at ricerage dot org] 
Sent: Tuesday, March 23, 2004 2:32 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] IPSEC Clients that work with m0n0wall


Hm. I'm not convinced that's true.

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

Having taken a look at the examples provided by Cisco at the above URL
(specifically the section concerning PIX<-->Netscreen firewalls), there
doesn't appear to be anything proprietary at all about this. Considering
there are examples listed for interoperability between the PIX and many
other vendors' implementations, I'd have to say your conclusion is
false. Bearing in mind this is a PSK auth situation, perhaps this is
true with certificate-based authentication?

In any event, can someone with a PIX take a look at the URL above, and
try again per this example? I'd love to know for sure.

 Brian

> That is because for some reason Cisco uses a proprietary
> authentication system on the PIX that only works with other PIX boxes.
> If you are stuck with Cisco hardware, which isn't a bad thing, you
> need to use a Cisco 3000 VPN concentrator.
>
> Jean-Francois Theroux wrote:
>
>> Falcor wrote:
>>
>>> Hi all, please do not ignore this post.  I know I could search the 
>>> archives but I am in the middle of writing the how-to IPSEC with 
>>> m0n0wall document and just wanted to include all clients that work 
>>> with IPSEC.  E.g. what client software have you found that will 
>>> allow you to use the roaming IPSEC connections back to your 
>>> m0n0wall.  If you don't mind, please include the URL where it can be

>>> downloaded form, and include weather or not it is free.
>>>
>>> I hope to have this done in the next few hours and it should be as 
>>> good as the PPTP document, on that same note I have an update to the

>>> PPTP document that I need to get out.
>>>
>>> -F
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>
>> A m0n0wall to Cisco PIX how-to would be nice. I tried for a while,
>> but it was never able to negotiate the pre-shared key. Although the
>> settings on the m0n0 box and the PIX were the same.
>>
>> -jf
>
>
>
>

