Re: [Users] Why freeswan instead of cisco/nortel

From: Ken Bantoft (ken_at_networkoverlord.com)
Date: Tue Jul 16 2002 - 15:26:29 CEST


On Tue, 16 Jul 2002, Jon Molin wrote:

> Hi list,
>
> I'm about to set up a VPN with a partner and my natural choice was freeswan
> since I'm using a Linux firewall. The partner on the other end of the
> VPN is rock solid in his demand that we use Nortel though, and as I
> don't have extensive freeswan experience I feel I lack arguments, except
> the obvious like cost and that we'd have to put the Nortel behind the
> firewall, adding one extra machine to maintain.
>
> His (the partner's) argumentation is basically "we've had problems before
> with others who wanted other systems, a Nortel can be set up in two
> hours and we'll have it all working". I'm not fully buying this
> argumentation as we will set the Nortel up in four different locations
> with four similar firewalls, and I figure once we get the first working
> with freeswan it'll basically just be a matter of transferring the config scripts to
> the other firewalls.

Normal argument: "We don't know anything else, so use what we know". After
using FreeS/WAN for a few weeks, you can set it up in 15 minutes too.
FreeS/WAN -> Nortel is iffy... It worked at one point using the older code
(both on the Contivity head end and FreeS/WAN) but I don't know about recent versions.
I'm using Netlock's Contivity client for Linux remote users, but it's not
designed to run as a remote office. I've been debating testing more
recent stuff, but it's low on my priority list, as I don't ever plan to do
it for any reason other than "see if it works". If someone was really
keen on this, I can do the Contivity side easily enough, but I'm not set up
to do the FreeS/WAN side.

> The system the partner uses is 'Cisco Pix 515 firewall or a Nortel
> Contivity switch', and as far as I could see in the freeswan docs
> these are supported, right? The systems they want us to use are three
> 'Nortel 100s Contivity switch/firewall' for three low-traffic
> locations and a 'Cisco B2B VPN' for one high-traffic location with up
> to 11 concurrent sessions.

I use FreeS/WAN, Nortel and Cisco VPN tech at work. The one I have the
least amount of trouble with is FreeS/WAN. Set it up, and forget it.
I've got 4 Contivity 2600s, but I only use them for remote workers, not
remote sites. The Ciscos are used for business partners with the same
attitude as yours... "Cisco or nothing", so I jam them into a little 1720
and then run all the traffic through a firewall.

> Will it be hard to set up? Will a P2 350 be enough for our 10Mbit
> connection? Can you add some arguments for me?

Depending on the # of tunnels, probably. See docs/performance for
details.
>
> Unfortunately I don't have the last say; if they say NO I'll have to
> use their Nortel/Cisco solution, so I need good arguments.

You've got the main ones... if *you* are stuck supporting it, you'd want
something you know, and you don't want to spend additional $, since you have the
equipment in place already.

-- 
Ken Bantoft			One Unix to rule them all, One Resolver to find them,
ken_at_networkoverlord.com		One IP to bring them all, and in the zone, bind them.

_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:23 CEST