Linksys vs WatchGuard VPN Protocols

Archived from groups: comp.security.firewalls (More info?)

In article <Xns94EEBAEF4B983notmenotmecoml@204.127.204.17>,
notme@notme.com says...
> Hopefully, the WatchGuard Firebox III will be here by the end of the work
> week. I do have some concerns about the current VPN protocols the Linksys
> router has enabled so that I can VPN into the company network. It was by
> pure luck that I got the VPN to work tunneling into the company network
> back in 2001 with the Linksys router as no one at the time in Thec Support
> could tell me the how to(s) with the router and the protocols needed. After
> a couple of days of not getting a connection, I decided to enable all of
> them and it worked and I have not looked back since.  
>
> The Linksys is using Multicast, IPsec and PPTP. If I disable anyone of the
> protocols, I cannot tunnel into the network. What is happening on the
> company network where all three protocols on the Linksys must be enabled?
>
> In addition to that, what issues are going to be faced with the WatchGuard
> and the VPN protocols, if any? I don't what to spend a lot of time trying
> to get it to work like I had to do with the Linksys.

Well, we need more information.

I've used the Linksys BEFVP41 units all over the country as remote
connections to WatchGuard units as the home office unit. I've also used
multiple VP41 units to create a spider web of VPN tunnels between many
locations.

If you are saying that you are running client software on your computer
that tunnels through the Linksys to the office, without using the
Linksys VPN tunnel configuration (meaning that you are doing a client
VPN and not a branch-office VPN) then you are talking about two
different things.

PPTP and ISPEC don't have anything to do with each other - you can use
one without the other to form a tunnel.

If you want to form a VPN tunnel between a Linksys VP41 router and a FB
1000 then you don't do anything on the computers, just the routers.

So, which is it? The Client type VPN or the device to device VPN?


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: comp.security.firewalls (More info?)

Leythos <void@nowhere.com> wrote in
news:MPG.1b16726c6981c26398a552@news-server.columbus.rr.com:

> In article <Xns94EEBAEF4B983notmenotmecoml@204.127.204.17>,
> notme@notme.com says...
>> Hopefully, the WatchGuard Firebox III will be here by the end of the
>> work week. I do have some concerns about the current VPN protocols
>> the Linksys router has enabled so that I can VPN into the company
>> network. It was by pure luck that I got the VPN to work tunneling
>> into the company network back in 2001 with the Linksys router as no
>> one at the time in Thec Support could tell me the how to(s) with the
>> router and the protocols needed. After a couple of days of not
>> getting a connection, I decided to enable all of them and it worked
>> and I have not looked back since.  
>>
>> The Linksys is using Multicast, IPsec and PPTP. If I disable anyone
>> of the protocols, I cannot tunnel into the network. What is happening
>> on the company network where all three protocols on the Linksys must
>> be enabled?
>>
>> In addition to that, what issues are going to be faced with the
>> WatchGuard and the VPN protocols, if any? I don't what to spend a lot
>> of time trying to get it to work like I had to do with the Linksys.
>
> Well, we need more information.
>
> I've used the Linksys BEFVP41 units all over the country as remote
> connections to WatchGuard units as the home office unit. I've also
> used multiple VP41 units to create a spider web of VPN tunnels between
> many locations.
>
> If you are saying that you are running client software on your
> computer that tunnels through the Linksys to the office, without using
> the Linksys VPN tunnel configuration (meaning that you are doing a
> client VPN and not a branch-office VPN) then you are talking about two
> different things.
>
> PPTP and ISPEC don't have anything to do with each other - you can use
> one without the other to form a tunnel.
>
> If you want to form a VPN tunnel between a Linksys VP41 router and a
> FB 1000 then you don't do anything on the computers, just the routers.
>
> So, which is it? The Client type VPN or the device to device VPN?
>
>

Well that's the issue. Yes, I do use AT&T's Extranet client software to
connect to the company network.

I know that the laptop with the VPN client software can connect without
the router using a dialup or BB connection.

Yes, I connect the company Win 2k workstation/laptop into the Linksys
router at home using the AT&T client software.

I know that if no pass thru protocol is set on the Linksys BFFW11S4 v1
router, the machine will not connect to the company network.

I did try several combinations of the above mentioned pass thru protocols
being set on the router and the only thing that worked at the time was
enabling all three of them. And the router has been set that way from
that point back in 2001.

I will be using the 11S4 as a WAP connected into the WG for my wireless
laptop. Maybe, I can connect the work machine into it if need be for the
VPN. Or I could just connect the 11S4 back into the modem and clone the
WG MAC into Linksys for the WAN MAC and connect when I need to connect to
work, which is not that often anyway.

I did talk to a WG sales person and told them that I would be doing a VPN
into work. I was going to get the FB III SOHO ct6 that had the Branch
Office VPN, but I was told that I didn't need that one and go with the FB
III SOHO line.

Duane  

Archived from groups: comp.security.firewalls (More info?)

In article <Xns94EFB614CD8EEnotmenotmecoml@204.127.199.17>,
notme@notme.com says...
> Leythos <void@nowhere.com> wrote in
> news:MPG.1b16726c6981c26398a552@news-server.columbus.rr.com:
>
> > In article <Xns94EEBAEF4B983notmenotmecoml@204.127.204.17>,
> > notme@notme.com says...
> >> Hopefully, the WatchGuard Firebox III will be here by the end of the
> >> work week. I do have some concerns about the current VPN protocols
> >> the Linksys router has enabled so that I can VPN into the company
> >> network. It was by pure luck that I got the VPN to work tunneling
> >> into the company network back in 2001 with the Linksys router as no
> >> one at the time in Thec Support could tell me the how to(s) with the
> >> router and the protocols needed. After a couple of days of not
> >> getting a connection, I decided to enable all of them and it worked
> >> and I have not looked back since.  
> >>
> >> The Linksys is using Multicast, IPsec and PPTP. If I disable anyone
> >> of the protocols, I cannot tunnel into the network. What is happening
> >> on the company network where all three protocols on the Linksys must
> >> be enabled?
> >>
> >> In addition to that, what issues are going to be faced with the
> >> WatchGuard and the VPN protocols, if any? I don't what to spend a lot
> >> of time trying to get it to work like I had to do with the Linksys.
> >
> > Well, we need more information.
> >
> > I've used the Linksys BEFVP41 units all over the country as remote
> > connections to WatchGuard units as the home office unit. I've also
> > used multiple VP41 units to create a spider web of VPN tunnels between
> > many locations.
> >
> > If you are saying that you are running client software on your
> > computer that tunnels through the Linksys to the office, without using
> > the Linksys VPN tunnel configuration (meaning that you are doing a
> > client VPN and not a branch-office VPN) then you are talking about two
> > different things.
> >
> > PPTP and ISPEC don't have anything to do with each other - you can use
> > one without the other to form a tunnel.
> >
> > If you want to form a VPN tunnel between a Linksys VP41 router and a
> > FB 1000 then you don't do anything on the computers, just the routers.
> >
> > So, which is it? The Client type VPN or the device to device VPN?
> >
> >
>
> Well that's the issue. Yes, I do use AT&T's Extranet client software to
> connect to the company network.
>
> I know that the laptop with the VPN client software can connect without
> the router using a dialup or BB connection.
>
> Yes, I connect the company Win 2k workstation/laptop into the Linksys
> router at home using the AT&T client software.
>
> I know that if no pass thru protocol is set on the Linksys BFFW11S4 v1
> router, the machine will not connect to the company network.
>
> I did try several combinations of the above mentioned pass thru protocols
> being set on the router and the only thing that worked at the time was
> enabling all three of them. And the router has been set that way from
> that point back in 2001.
>
> I will be using the 11S4 as a WAP connected into the WG for my wireless
> laptop. Maybe, I can connect the work machine into it if need be for the
> VPN. Or I could just connect the 11S4 back into the modem and clone the
> WG MAC into Linksys for the WAN MAC and connect when I need to connect to
> work, which is not that often anyway.
>
> I did talk to a WG sales person and told them that I would be doing a VPN
> into work. I was going to get the FB III SOHO ct6 that had the Branch
> Office VPN, but I was told that I didn't need that one and go with the FB
> III SOHO line.

Duane,

I hate to say it, but now I'm really confused.

If you want to use a Linksys VPN router to branch-office connect to a FB
then all you have to do it setup the Manual Branch Office tunnels. I can
send you basic information on it. Keeping the PPTP/IPSEC pass-through
options enabled on the router is not a problem.

In short, you are going to connect two different subnet networks across
the internet using an IPSec tunnel that has the FB as one end and the
Linksys as the other end. As long as both have fixed IP addresses it
should only take about 10 minutes to setup. A quick ANY rule will allow
both offices to have full access to each other - more restrictive rules
are needed to limit access by services or addresses.

send me an email (see sig below) if you want more help.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: comp.security.firewalls (More info?)

Leythos <void@nowhere.com> wrote in
news:MPG.1b17046b2a8fc3b398a55b@news-server.columbus.rr.com:

> In article <Xns94EFB614CD8EEnotmenotmecoml@204.127.199.17>,
> notme@notme.com says...
>> Leythos <void@nowhere.com> wrote in
>> news:MPG.1b16726c6981c26398a552@news-server.columbus.rr.com:
>>
>> > In article <Xns94EEBAEF4B983notmenotmecoml@204.127.204.17>,
>> > notme@notme.com says...
>> >> Hopefully, the WatchGuard Firebox III will be here by the end of
>> >> the work week. I do have some concerns about the current VPN
>> >> protocols the Linksys router has enabled so that I can VPN into
>> >> the company network. It was by pure luck that I got the VPN to
>> >> work tunneling into the company network back in 2001 with the
>> >> Linksys router as no one at the time in Thec Support could tell me
>> >> the how to(s) with the router and the protocols needed. After a
>> >> couple of days of not getting a connection, I decided to enable
>> >> all of them and it worked and I have not looked back since.  
>> >>
>> >> The Linksys is using Multicast, IPsec and PPTP. If I disable
>> >> anyone of the protocols, I cannot tunnel into the network. What is
>> >> happening on the company network where all three protocols on the
>> >> Linksys must be enabled?
>> >>
>> >> In addition to that, what issues are going to be faced with the
>> >> WatchGuard and the VPN protocols, if any? I don't what to spend a
>> >> lot of time trying to get it to work like I had to do with the
>> >> Linksys.
>> >
>> > Well, we need more information.
>> >
>> > I've used the Linksys BEFVP41 units all over the country as remote
>> > connections to WatchGuard units as the home office unit. I've also
>> > used multiple VP41 units to create a spider web of VPN tunnels
>> > between many locations.
>> >
>> > If you are saying that you are running client software on your
>> > computer that tunnels through the Linksys to the office, without
>> > using the Linksys VPN tunnel configuration (meaning that you are
>> > doing a client VPN and not a branch-office VPN) then you are
>> > talking about two different things.
>> >
>> > PPTP and ISPEC don't have anything to do with each other - you can
>> > use one without the other to form a tunnel.
>> >
>> > If you want to form a VPN tunnel between a Linksys VP41 router and
>> > a FB 1000 then you don't do anything on the computers, just the
>> > routers.
>> >
>> > So, which is it? The Client type VPN or the device to device VPN?
>> >
>> >
>>
>> Well that's the issue. Yes, I do use AT&T's Extranet client software
>> to connect to the company network.
>>
>> I know that the laptop with the VPN client software can connect
>> without the router using a dialup or BB connection.
>>
>> Yes, I connect the company Win 2k workstation/laptop into the Linksys
>> router at home using the AT&T client software.
>>
>> I know that if no pass thru protocol is set on the Linksys BFFW11S4
>> v1 router, the machine will not connect to the company network.
>>
>> I did try several combinations of the above mentioned pass thru
>> protocols being set on the router and the only thing that worked at
>> the time was enabling all three of them. And the router has been set
>> that way from that point back in 2001.
>>
>> I will be using the 11S4 as a WAP connected into the WG for my
>> wireless laptop. Maybe, I can connect the work machine into it if
>> need be for the VPN. Or I could just connect the 11S4 back into the
>> modem and clone the WG MAC into Linksys for the WAN MAC and connect
>> when I need to connect to work, which is not that often anyway.
>>
>> I did talk to a WG sales person and told them that I would be doing a
>> VPN into work. I was going to get the FB III SOHO ct6 that had the
>> Branch Office VPN, but I was told that I didn't need that one and go
>> with the FB III SOHO line.
>
> Duane,
>
> I hate to say it, but now I'm really confused.
>
> If you want to use a Linksys VPN router to branch-office connect to a
> FB then all you have to do it setup the Manual Branch Office tunnels.
> I can send you basic information on it. Keeping the PPTP/IPSEC
> pass-through options enabled on the router is not a problem.
>
> In short, you are going to connect two different subnet networks
> across the internet using an IPSec tunnel that has the FB as one end
> and the Linksys as the other end. As long as both have fixed IP
> addresses it should only take about 10 minutes to setup. A quick ANY
> rule will allow both offices to have full access to each other - more
> restrictive rules are needed to limit access by services or addresses.
>
> send me an email (see sig below) if you want more help.
>
>

I will send you an email when I attempt to do this. I can see there is
going to be a slight learning curve here.   The first thing will be just
to hook the thing up and make it work period. <g> That part will not be
that big of a deal I hope.  

Duane