SUMMARY: Solaris, VPN and WAN - Supplemental

From: CIC Line <cic_line_at_hotmail.com>
Date: Tue Dec 04 2001 - 08:19:36 EST
Christopher Ciborowski <Chris.Ciborowski@exodus.net:

If you are talking point-to-point VPN's, you can use Solaris 8's IPSec 
implementation to encrypt traffic which is destined for certain networks.
This works well, but still requires a ISP (cable, DSL, T1, etc.) to connect 
the 2 networks-and is not very flexible, making DHCP addressed clients 
difficult to manage. Better to use on networks with static border devices, 
as this goes for hardware or software VPN point-to point implementations.
If you are looking for mobile clients trying to get into a network, i.e.. 
traveling salesperson, having both the VPN and RAS devices is necessary. As 
Mike Peppard pointed out, not everywhere a person goes can they connect via 
their cable modem, or, their ISP...dialing in to the network is a must. If 
the mobile clients will always have their own connection to the internet, 
then either a VPN concentrator (Cisco or the like) or a Firewall with VPN 
connectivity for remote clients (Cisco, Checkpoint) works nicely. I have 
used the Cisco, Nortel, and Checkpoint VPN clients and the all work well.
Other items to consider are how the VPN concentrator or FW/VPN device will 
work (load, # of clients, # of point-to-point VPNs, amount of traffic, 
etc.), how you plan on dropping off the traffic onto your network, 
authentication, etc.  There are many ways to solve this problem. Just my 
$.02.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

todd.a.fiedler@mail.sprint.com:

You might check into using IPSec. This is a feature that is part of
Solaris 8 and is probably what LTIU was referring to. (Note: Search 'IPSec' 
in docs.sun.com.)
Having said that, hardware VPNs are preferable and you can get into them
pretty cheaply. They are also not difficult to setup or maintain. Cisco
and Nokia and Nortel all make decent VPN hardware that isn't overly
expensive. The advantage of using hardware, aside from performance, is
that you aren't stuck maintaining vpn software on each of your systems
as you can secure the transport between sites instead of securing the
transmissions between servers.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also thanks Rainer Heilke, Ian, and ltiu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The Original Questions:
Two general questions about WAN and VPN?
1) What are the good VPN implementations and tools for Solaris 8? Is 
SunScreen Lite? Anything else?
2) What are the judgments for a company to continue using traditional WAN 
techniques such as Remote Access Server-type systems, RADIUS, PPP, etc. when 
PN is available today?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Michael Lee

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Received on Tue Dec 4 13:19:36 2001

This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:32:36 EDT