You asked about what kind of IPSec compatibility.... the answers are here
(and I'm reading it this afternoon, so don't ask me any questions about
it)...
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/ips
ec.htm
-----Original Message-----
From: TC Wolsey [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 14, 1999 10:37 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: pix vs checkpoint
>Date: Wed, 13 Oct 1999 00:34:35 +0200 (MET DST)
>From: =?iso-8859-1?Q?Lars_Kronf=E4lt?= <[EMAIL PROTECTED]>
>Subject: Re: pix vs checkpoint
>
>Pardon me
>In release 5 of the PIX software, you got IPSec VPN compability and dont
>need any hardware card at any end. Version 5 was released like a week ago
>or something.
Although I could not be happier that Cisco has finally made IPSec available
on the PIX (after at least 3 changes in direction over something like 16
months), do you really want to run code that was released a week ago on your
firewall?
>
>The IPSec compability is very good. PIX workes as a branch office
>connection to a lot of other (IPSec) VPN boxes. And the client can be used
>to connect to other IPSec VPN boxes.
Can you elaborate on the "very good" compatibility of the IPSec
implementation in the PIX OS? Something like 'IKE main mode with pre-shared
auth works with vendor X and Y' would not be terribly exciting, something
like 'IKE main and agressive with non-IP address ID payloads and pre-shared,
full and modified RSA auth works with these 6 vendors, and the PIX always
does something reasonable with notifies' might get some more immediate
attention. Although IMHO, it would not take too much in the way of
interoperability to get better results out of the PIX than I have been able
to coax out of Firewall-1 v4.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
