Christopher Ciborowski <Chris.Ciborowski@exodus.net: If you are talking point-to-point VPN's, you can use Solaris 8's IPSec implementation to encrypt traffic which is destined for certain networks. This works well, but still requires a ISP (cable, DSL, T1, etc.) to connect the 2 networks-and is not very flexible, making DHCP addressed clients difficult to manage. Better to use on networks with static border devices, as this goes for hardware or software VPN point-to point implementations. If you are looking for mobile clients trying to get into a network, i.e.. traveling salesperson, having both the VPN and RAS devices is necessary. As Mike Peppard pointed out, not everywhere a person goes can they connect via their cable modem, or, their ISP...dialing in to the network is a must. If the mobile clients will always have their own connection to the internet, then either a VPN concentrator (Cisco or the like) or a Firewall with VPN connectivity for remote clients (Cisco, Checkpoint) works nicely. I have used the Cisco, Nortel, and Checkpoint VPN clients and the all work well. Other items to consider are how the VPN concentrator or FW/VPN device will work (load, # of clients, # of point-to-point VPNs, amount of traffic, etc.), how you plan on dropping off the traffic onto your network, authentication, etc. There are many ways to solve this problem. Just my $.02. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ todd.a.fiedler@mail.sprint.com: You might check into using IPSec. This is a feature that is part of Solaris 8 and is probably what LTIU was referring to. (Note: Search 'IPSec' in docs.sun.com.) Having said that, hardware VPNs are preferable and you can get into them pretty cheaply. They are also not difficult to setup or maintain. Cisco and Nokia and Nortel all make decent VPN hardware that isn't overly expensive. The advantage of using hardware, aside from performance, is that you aren't stuck maintaining vpn software on each of your systems as you can secure the transport between sites instead of securing the transmissions between servers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Also thanks Rainer Heilke, Ian, and ltiu. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The Original Questions: Two general questions about WAN and VPN? 1) What are the good VPN implementations and tools for Solaris 8? Is SunScreen Lite? Anything else? 2) What are the judgments for a company to continue using traditional WAN techniques such as Remote Access Server-type systems, RADIUS, PPP, etc. when PN is available today? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Michael Lee _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Tue Dec 4 07:21:21 2001
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:29 EST