> - I run VPN-client on the internal W2K machine to connect to my
> office. According to Charles, I will not be able to use it if I install
> IPSEC gateway on the router. If say I have 2 internal subnets, say
> 192.168.1.x and 192.168.2.x. If I only set up the IPSEC for
> remote-accessing 192.168.1.x, could I still use my VPN client on the
> other subnet, 192.168.2.x to connect to my office?

No...the firewall can only do one flavor of IPSec at a time (i.e. masquerade
or VPN gateway).

> - My office is using a Cisco VPN (I do not know the exact
> version). Is it possible to connect it to the LRP IPSEC gateway, and if
> so, what should I prepare for/ask our sys-admin?

It is possible, although I have not personally done this.  There is data on
Cisco <> FreeS/WAN interoperation on the FreeS/WAN website.

> - What is the difference between ipsec.lrp and ipsec509.lrp? If
> I do not use X.509 certificates, do I have to install ipsec509.lrp?

The ipsec509.lrp package includes a couple of programs that have been
updated to use X.509 certificates.  If you are not using certs, you do not
need the ipsec509 package.

> - As I do not have access to another router, for starting, I
> will set up IPSEC for Road-Warrior only. Is there any way I can test it
> remotely from a Unix box (Solaris at the university I attend)? I have
> some friends running Windows but I have to go to their places to test.

It would be possible to do this, but it's probably easiest to try to test
with another Dachstein firewall.

If you can't test with another Dachstein firewall, you should probably try
to either set up the actual VPN link you'll eventually want to use, or do
testing with a similar remote system (i.e. another Cisco).  If you try testing
with something like a Solaris box, you'll be hitting all the problems caused
by non-identical IPSec implementations you'll run into with the Cisco (i.e.
different config file formats, finding mutually agreeable configuration
setups, etc.), and while you'll learn a lot about IPSec, you won't
necessarily learn a lot about making it work in your desired application.

Testing with another Dachstein firewall will be simpler, and will primarily
teach you about configuring FreeS/WAN, which is a big part of configuring
FreeS/WAN to work with your Cisco...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

