[SunHELP] Summary: VPN Solution

sunhelp at sunhelp.org sunhelp at sunhelp.org
Fri Feb 1 14:28:55 CST 2002


Update...
We just installed the current software on our VPN3Ks last night and it
appears from looking at the config menus that the Unified Client may not be
required anymore for the 3K. I have some reading to do too, it appears. The
UC requirement was the single complaint I have about the VPN3K.

James Fogg, Network Engineer
Vicinity Corporation - New Hampshire
(603) 442-1751

~ -----Original Message-----
~ From: David Baldwin [mailto:dbaldwin at networkinsight.com]
~ Sent: Friday, February 01, 2002 12:30 PM
~ To: sunmanagers at sunmanagers.org
~ Cc: sunhelp at sunhelp.org
~ Subject: [SunHELP] Summary: VPN Solution
~ 
~ 
~ ANSWER:  Get a VPN dedicated device, like Cisco's VPN Concentrator 3000
~ series.
~ The Cisco PIX can do the job of terminating the VPN tunnel and can hold
~ a few encrypted logins.
~ 
~ Some Suggestions:
~ Use Checkpoint Firewall on Solaris
~ Use a PIX and LDAP for auth
~ Suns aren't firewalls, use a firewall
~ Use a PIX and Radius
~ Use Cisco VPN 3000 series
~ 
~ I have a lot of reading to do.  We already are testing LDAP and TACACS.
~ I would like to get more educated on Radius since I am really not sure
~ what it is.  LDAP is very attractive in this case since, it seems, I can
~ use the same logins for the rest of the systems on the PIX.  The ideal
~ solution seems to be getting a VPN Concentrator 3000 and the Unified
~ client from Cisco (have to put those on the wish list).  Bottom line is
~ that the equipment we have (PIX) is able to do the job.  It is just a
~ matter of getting the configs.
~ 
~ Thanks to everyone who helped out:
~ Nagendra Prasad
~ Ger Lawlor
~ Al Hopper
~ James Fogg
~ Chris Smith
~ Vlade Ristevski
~ 
~ Best,
~ Dave Baldwin
~ 
~ 
~ -----Original Message-----
~ From: David Baldwin
~ Sent: Wednesday, January 30, 2002 9:51 AM
~ To: sunmanagers at sunmanagers.org
~ Cc: sunhelp at sunhelp.org
~ Subject: VPN Solution
~ 
~ Hi,
~ I am trying to pinpoint what the best solution would be to allow access
~ to the inside from the outside.
~ Currently we have a pix firewall filtering packets separating inside and
~ web.
~ Where I am having trouble is with the whole VPN concept.
~ Do I need a VPN server to do this?  If I do I would like for it to be a
~ Sun solution.
~ It looks like it might be possible to terminate the VPN tunnel at the
~ pix and that would allow for both Win2k and Unices clients to connect
~ using pptp.  But, then, how would clients get an IP?  So far, the
~ documentation found has not been sufficient.
~ Would I use SunScreen/DHCP to deal out IPs to clients?  Will that work
~ for all clients?
~ 
~ If anyone can tell me which doc to read to make this process clear or
~ has some pointers that can help, I would be grateful.
~ 
~ Sorry if this is a little off topic, I wasn't sure where to start and I
~ know I would like to use Sun if possible.
~ 
~ TIA
~ Dave Baldwin