Cisco licenses IRE's VPN client software. I believe they come in 100 user
licenses for ~$200. It works great for Win98 (I have two dozen VPN
configurations set up for different customers), but Cisco still doesn't have
a client available for Windows 2000. IRE has a Win2k client, but for
whatever reason Cisco hasn't gotten off their duff and OEM'd it. The other
option would be to use Win2k's L2TP to a PIX (bleh).
The only complain I have at all about the Cisco/IRE VPN Client is that it
installs shims in place of your network drivers (I'm sure any VPN client has
to do this), but if you tweak with your drivers, you need to uninstall and
reinstall the client. Not a problem though, it just takes two reboots (you
just answer "no" to removing the VPN configurations). Again, not really an
issue with users that don't have things change that much, but I'm constantly
fiddling with things.
Also, don't even attempt to use that software with the cheap ADSL PPPoE
EnterNet300 software. It'll work, but for unexplained reasons once or two a
week it'll just break. I have a customer that was deploying it for this,
and we ended up just going to cable modems (faster, cheaper, and it just
doesn't go down unlike SBC/PBI's ADSL). Anyway, the solution again was not
just uninstall the VPN client, but the EnterNet300 software (2 reboots), the
reinstall the EnterNet300 software, and finally the VPN client (4 reboots
total). Also, abosolutely forbid users from installing ANY ISP software. I
had this same user install both AOL and CompuServe within two days of each
other, hosing her Internet/VPN connect each time. Grr, I hate end users,
heh.
Oh, one other solution to have the ADSL PPPoE stuff work: Linksys 1 port
router. It supports PPPoE logins, so you don't have to install the software
on your PC, and the line just appears "always on." Unfortunately, if you're
rolling it out to a bunch of users, $100 extra per user adds up fast.
http://www.us.buy.com/retail/product.asp?sku=10249719&loc=101
I haven't personally worked with the Checkpoint VPN software, but I've heard
from two customers that support issues are a pain and it breaks from time to
time for now reason (probably the same issues as the Cisco/IRE software).
--
Jason Roysdon, CCNA, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
""Chuck Larrieu"" <[EMAIL PROTECTED]> wrote in message
001201c05742$db471260$[EMAIL PROTECTED]">news:001201c05742$db471260$[EMAIL PROTECTED]...
> Good link. thanks.
>
> I notice this evaluation was done edge device to edge device, and not
> user/PC to edge device. It is this kind of PC / VPN connectivity I was
> talking about when reporting the hearsay my DE gave me.
>
> My understanding is that at this point in time there are a number of
issues
> with VPN PC client software. And that there is not much available in the
way
> of VPN client software for Mac and Unix boxes. No doubt there are lots of
> VPN clients for Linux boxes, but that may have its own set of issues as
> well.
>
> Unfortunately, it is this PC / VPN client kind of connection that most of
my
> customers are asking about.
>
> Chuck
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> hal9001
> Sent: Saturday, November 25, 2000 2:00 PM
> To: Chuck Larrieu; [EMAIL PROTECTED]
> Subject: Re: comparison between checkpoint firewall-1 and cisco pix 525
>
> If you want both a GUI and "Wire Speed" throughput try
>
> http://www2.netscreen.com/pub/
>
> You might be in for a surprise!
>
> Karl
> ----- Original Message -----
> From: "Chuck Larrieu" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, November 25, 2000 8:37 PM
> Subject: RE: comparison between checkpoint firewall-1 and cisco pix 525
>
>
> > I have heard both Cisco and Checkpoint sales engineers ( not in the same
> > room at the same time ) agree to the following points:
> >
> > 1) Checkpoint management ( GUI ) is FAR superior to anything Cisco has.
> > 2) PIX is FAR superior in terms of throughput
> > 3) Everything else the vendors say are subject to interpretation and
> > prejudice
> >
> > Checkpoint management superiority shows itself in situations where you
> have
> > multiple firewalls and multiple security domains, where policy requires
> > constant updating, etc. PIX is just fine in situations where are limited
> > number of firewalls, and/or limited policy change, so command line
> > configuration is not so overwhelming.
> >
> > I have also heard ( but do not know for a fact ) that at this time,
> > Checkpoint VPN-1 client side software is the most stable on the market
for
> > client PC secure VPN tunnels. My source was my DE, who tells me that she
> has
> > derived several VPN designs around the Checkpoint/Nokia product. The
> > feedback from the field, she tells me, is that there are fewer issues
with
> > Checkpoint than with Cisco Secure Client and the VPNet client. This too
> may
> > be one of perception. I have not read any industry comparison tests.
> >
> > In the end, one should begin with a clear and written security policy,
and
> > then choose based upon which vendor satisfies the precepts of that
policy.
> >
> > Chuck
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> > Jason Roysdon
> > Sent: Saturday, November 25, 2000 11:58 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: comparison between checkpoint firewall-1 and cisco pix 525
> >
> > Correct me if I'm wrong, but one of the key differences is that
Checkpoint
> > requires a "subscription" fee every year or so.
> >
> > The biggest selling point I give to customers is that Firewall-1 runs on
> top
> > of Unix or NT, and use good ol' FUD regarding OS that aren't that secure
> to
> > begin with, vs. the PIX has a completely hardened/customized OS.
> >
> > Best suggestion would be to hit both vendors' sites and see what they
have
> > to say.
> >
> > --
> > Jason Roysdon, CCNA, MCSE, CNA, Network+, A+
> > List email: [EMAIL PROTECTED]
> > Homepage: http://jason.artoo.net/
> > Cisco resources: http://r2cisco.artoo.net/
> >
> >
> > ""D'souza Agnelo"" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Hi,
> > > Can anyone give me comparisons between checkpoint
> > > firewall-1 and cisco pix 525.
> > >
> > >
> > > Agn
> >
> >
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
