RE: ASA VPN device
You know you are :p
-Original Message- From: Thomas W Shinder [mailto:[EMAIL PROTECTED] Sent: Thursday, 29 May 2008 2:40 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Actually, if you upgrade to Windows Server 2008 you don't have to be hobbled by open source code. MS fully backs its SSTP solution which performs better and is arguably more secure than OpenVPN. And, since SSTP isn't supported by ISA, you can't claim that I'm an ISA ho' :) HTH, Tom
-Original Message- From: Troy Meyer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:31 PM To: NT System Admin Issues Subject: RE: ASA VPN device
It's not part of the GUI, but a quick search of the dd-wrt wiki provides: http://www.dd-wrt.com/wiki/index.php/VPNC
-Original Message- From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:24 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Well there we go...so the cheap solution isn't viable, right? - Andy O.
-Original Message- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:21 PM To: NT System Admin Issues Subject: Re: ASA VPN device
Absolutely not. An OpenVPN client needs to talk to an OpenVPN server, and the only OpenVPN server implementation is native to Linux/*BSD, with a Windows port available.
~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: ASA VPN device
Sometimes you pay more, and get less, as anyone who has bought Oracle knows :-) That said, $1000 for a server license (plus something to run it on) -vs- $100 for a Linksys router. It's probably the reason that a lot of people go and buy Linksys routers. Not everyone has a Windows Server 2008 box sitting in their homes to connect to the 'net. Sometimes it's just not worth the expense. Cheers Ken
-Original Message- From: Thomas W Shinder [mailto:[EMAIL PROTECTED] Sent: Thursday, 29 May 2008 3:06 PM To: NT System Admin Issues Subject: RE: ASA VPN device
I was promoting a solution that works and is fully supported by the vendor. Not promoting something cheap and supported by the canaille. You always get what you pay for, unless you believe in the worker's paradise. HTH, Tom
-Original Message- From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 11:58 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Isn't OP looking for a device for their branch office? Are you suggesting installing Windows Server 2008 at both ends? That sounds expensive compared to buying a dinky Linksys WRT54G device to use out in the branch office. Cheers Ken
-Original Message- From: Thomas W Shinder [mailto:[EMAIL PROTECTED] Sent: Thursday, 29 May 2008 2:40 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Actually, if you upgrade to Windows Server 2008 you don't have to be hobbled by open source code. MS fully backs its SSTP solution which performs better and is arguably more secure than OpenVPN. And, since SSTP isn't supported by ISA, you can't claim that I'm an ISA ho' :) HTH, Tom
-Original Message- From: Troy Meyer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:31 PM To: NT System Admin Issues Subject: RE: ASA VPN device
It's not part of the GUI, but a quick search of the dd-wrt wiki provides: http://www.dd-wrt.com/wiki/index.php/VPNC
-Original Message- From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:24 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Well there we go...so the cheap solution isn't viable, right? - Andy O.
-Original Message- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:21 PM To: NT System Admin Issues Subject: Re: ASA VPN device
Absolutely not. An OpenVPN client needs to talk to an OpenVPN server, and the only OpenVPN server implementation is native to Linux/*BSD, with a Windows port available.
RE: ASA VPN device
As he only needs it for a short while, use the trial edition of the 2008 server. Good for 90 days and extendable to 240. http://www.microsoft.com/windowsserver2008/en/us/trial-software.aspx I would be surprised if he did not have a couple of spare PC's hanging around. Most do.
-Original Message- From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2008 4:13 AM To: NT System Admin Issues Subject: RE: ASA VPN device
Sometimes you pay more, and get less, as anyone who has bought Oracle knows :-) That said, $1000 for a server license (plus something to run it on) -vs- $100 for a Linksys router. It's probably the reason that a lot of people go and buy Linksys routers. Not everyone has a Windows Server 2008 box sitting in their homes to connect to the 'net. Sometimes it's just not worth the expense. Cheers Ken
-Original Message- From: Thomas W Shinder [mailto:[EMAIL PROTECTED] Sent: Thursday, 29 May 2008 3:06 PM To: NT System Admin Issues Subject: RE: ASA VPN device
I was promoting a solution that works and is fully supported by the vendor. Not promoting something cheap and supported by the canaille. You always get what you pay for, unless you believe in the worker's paradise. HTH, Tom
-Original Message- From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 11:58 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Isn't OP looking for a device for their branch office? Are you suggesting installing Windows Server 2008 at both ends? That sounds expensive compared to buying a dinky Linksys WRT54G device to use out in the branch office. Cheers Ken
-Original Message- From: Thomas W Shinder [mailto:[EMAIL PROTECTED] Sent: Thursday, 29 May 2008 2:40 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Actually, if you upgrade to Windows Server 2008 you don't have to be hobbled by open source code. MS fully backs its SSTP solution which performs better and is arguably more secure than OpenVPN. And, since SSTP isn't supported by ISA, you can't claim that I'm an ISA ho' :) HTH, Tom
-Original Message- From: Troy Meyer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:31 PM To: NT System Admin Issues Subject: RE: ASA VPN device
It's not part of the GUI, but a quick search of the dd-wrt wiki provides: http://www.dd-wrt.com/wiki/index.php/VPNC
-Original Message- From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:24 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Well there we go...so the cheap solution isn't viable, right? - Andy O.
-Original Message- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:21 PM To: NT System Admin Issues Subject: Re: ASA VPN device
Absolutely not. An OpenVPN client needs to talk to an OpenVPN server, and the only OpenVPN server implementation is native to Linux/*BSD, with a Windows port available.
RE: ASA VPN device
LOL!!! Touche my friend :) And something I didn't notice yesterday, if a site to site VPN solution is required, then SSTP won't work anyhow. FWIU, SSTP works only for remote access VPN connections, not site to site (gateway to gateway) VPNs. Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
-Original Message- From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2008 3:13 AM To: NT System Admin Issues Subject: RE: ASA VPN device
Sometimes you pay more, and get less, as anyone who has bought Oracle knows :-) That said, $1000 for a server license (plus something to run it on) -vs- $100 for a Linksys router. It's probably the reason that a lot of people go and buy Linksys routers. Not everyone has a Windows Server 2008 box sitting in their homes to connect to the 'net. Sometimes it's just not worth the expense. Cheers Ken
-Original Message- From: Thomas W Shinder [mailto:[EMAIL PROTECTED] Sent: Thursday, 29 May 2008 3:06 PM To: NT System Admin Issues Subject: RE: ASA VPN device
I was promoting a solution that works and is fully supported by the vendor. Not promoting something cheap and supported by the canaille. You always get what you pay for, unless you believe in the worker's paradise. HTH, Tom
-Original Message- From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 11:58 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Isn't OP looking for a device for their branch office? Are you suggesting installing Windows Server 2008 at both ends? That sounds expensive compared to buying a dinky Linksys WRT54G device to use out in the branch office. Cheers Ken
-Original Message- From: Thomas W Shinder [mailto:[EMAIL PROTECTED] Sent: Thursday, 29 May 2008 2:40 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Actually, if you upgrade to Windows Server 2008 you don't have to be hobbled by open source code. MS fully backs its SSTP solution which performs better and is arguably more secure than OpenVPN. And, since SSTP isn't supported by ISA, you can't claim that I'm an ISA ho' :) HTH, Tom
-Original Message- From: Troy Meyer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:31 PM To: NT System Admin Issues Subject: RE: ASA VPN device
It's not part of the GUI, but a quick search of the dd-wrt wiki provides: http://www.dd-wrt.com/wiki/index.php/VPNC
-Original Message- From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:24 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Well there we go...so the cheap solution isn't viable, right? - Andy O.
-Original Message- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:21 PM To: NT System Admin Issues Subject: Re: ASA VPN device
Absolutely not. An OpenVPN client needs to talk to an OpenVPN server, and the only OpenVPN server implementation is native to Linux/*BSD, with a Windows port available.
Re: ASA VPN device
On Wed, May 28, 2008 at 5:07 PM, Andy Ognenoff [EMAIL PROTECTED] wrote:
> I guess the real question is then, getting back to the OP's question, will OpenVPN connect with an ASA without issue?
Nope. OpenVPN uses its own protocol. It uses SSL/TLS for the crypto, but the management and tunneling protocols are unique to OpenVPN. They're documented, but I don't know of anyone else implementing them, let alone Cisco.
However, you can get an IPsec implementation for Linux (called OpenS/WAN), so you could run that on the LinkSys or other bitty-box. Performance will be poor, though. The CPUs in those bitty-boxes tend to be pretty underpowered for doing crypto. There are some bitty-boxes with crypto accelerator hardware, but I haven't played with it.
Setting up OpenS/WAN was rather complicated, last I used it. OpenVPN is a lot simpler; but it's not a standard protocol.
-- Ben
Re: ASA VPN device
On Thu, May 29, 2008 at 12:40 AM, Thomas W Shinder [EMAIL PROTECTED] wrote:
> Actually, if you upgrade to Windows Server 2008 you don't have to be hobbled by open source code.
Some of us consider open-source code a benefit, and closed-source to be more like hobbling. The whole freedom thing, ya know?
> MS fully backs its SSTP solution which performs better and is arguably more secure than OpenVPN.
Oh? And what might the argument be? Just If it isn't ISA^W Microsoft, it's crap?, or something more?
-- Ben
RE: ASA VPN device
Yeah, that's about the same as a low end pix. I was hoping to get the guy one of the 100 dollar cable/dsl devices that can do a vpn at the edge
-Original Message- From: Terry Dickson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:03 PM To: NT System Admin Issues Subject: RE: ASA VPN device
We have Juniper Netscreen doing a VPN to our Cisco ASA.
-Original Message- From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 1:00 PM To: NT System Admin Issues Subject: ASA VPN device
Anyone know if any of the cheap(er) firewall devices can do a vpn with a Cisco ASA device? I'm thinking a Linksys could do it (ie Cisco) but I didn't see mention of it specifically. I have a client that needs a temporary setup while they move offices, and instead of spending the cash on a device to be used for two weeks was hoping to find something on the low end. Thanks
RE: ASA VPN device
We have Juniper Netscreen doing a VPN to our Cisco ASA.
-Original Message- From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 1:00 PM To: NT System Admin Issues Subject: ASA VPN device
Anyone know if any of the cheap(er) firewall devices can do a vpn with a Cisco ASA device? I'm thinking a Linksys could do it (ie Cisco) but I didn't see mention of it specifically. I have a client that needs a temporary setup while they move offices, and instead of spending the cash on a device to be used for two weeks was hoping to find something on the low end. Thanks
Re: ASA VPN device
IPsec is very much standardized, up to a point. ANYTHING can build an IPsec tunnel to ANYTHING, but there's one caveat: both sides need to have a static IP. If one or both sides has a dynamic IP, standardization goes out the window and there are no cross-vendor compatibility guarantees.
PS don't assume that Linksys is high quality because they're owned by Cisco. Depending on who you ask their quality has either stayed the same or gone downhill since the buyout.
Benjamin Zachary - Lists wrote:
> Anyone know if any of the cheap(er) firewall devices can do a vpn with a Cisco ASA device? I'm thinking a Linksys could do it (ie Cisco) but I didn’t see mention of it specifically. I have a client that needs a temporary setup while they move offices, and instead of spending the cash on a device to be used for two weeks was hoping to find something on the low end.
-- Phil Brutsche [EMAIL PROTECTED]
RE: ASA VPN device
Hey Ben, Check out the dd-wrt firmware for Linksys WRT54G(L). It's got a couple of VPN options for you including OpenVPN client capability. -troy
From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 11:00 AM To: NT System Admin Issues Subject: ASA VPN device
Anyone know if any of the cheap(er) firewall devices can do a vpn with a Cisco ASA device? I'm thinking a Linksys could do it (ie Cisco) but I didn't see mention of it specifically. I have a client that needs a temporary setup while they move offices, and instead of spending the cash on a device to be used for two weeks was hoping to find something on the low end. Thanks
RE: ASA VPN device
I wasn't directly involved in the configuration, but we have an external VPN connection from a Linksys router to our ASA. It works - most of the time - but has been less than rock-solid. The Linksys requires rebooting whenever the connection gets dropped. Roger Wright
From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:00 PM To: NT System Admin Issues Subject: ASA VPN device
Anyone know if any of the cheap(er) firewall devices can do a vpn with a Cisco ASA device? I'm thinking a Linksys could do it (ie Cisco) but I didn't see mention of it specifically. I have a client that needs a temporary setup while they move offices, and instead of spending the cash on a device to be used for two weeks was hoping to find something on the low end. Thanks
RE: ASA VPN device
What are you looking to spend? Do you want new or used equipment? If you don't mind used, $50-75 will buy you a Cisco 1700 series router w/ crypto image that'll do the job nicely (1700 series routers were rock solid - which is why a lot are still in production today). Or even an 831 w/ crypto image for a newer solution (although both are still EoL). If you want new and don't mind shelling out $200-300 you could go for an 851 with crypto image. All of these would do the job nicely... or you could stick with the DD-WRT path that someone already mentioned. But you'd be fighting on eBay to get a WRT54G (of which you'll pay an arm and a leg for) that supports the correct version of DD-WRT and you'd have to face cross-platform compatibility issues. Let me know what you decide to do and I can throw some sample configs your way or lend a hand if need be. HTH, Aaron
From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:27 PM To: NT System Admin Issues Subject: RE: ASA VPN device
I wasn't directly involved in the configuration, but we have an external VPN connection from a Linksys router to our ASA. It works - most of the time - but has been less than rock-solid. The Linksys requires rebooting whenever the connection gets dropped. Roger Wright
From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:00 PM To: NT System Admin Issues Subject: ASA VPN device
Anyone know if any of the cheap(er) firewall devices can do a vpn with a Cisco ASA device? I'm thinking a Linksys could do it (ie Cisco) but I didn't see mention of it specifically. I have a client that needs a temporary setup while they move offices, and instead of spending the cash on a device to be used for two weeks was hoping to find something on the low end. Thanks
RE: ASA VPN device
This is static IP's we have a 6meg pipe going in to the new facility, I think I'm just going to have them get something a little stronger. We have an ISA 2004 license, and I'm pretty familiar with that side of it, but I tried to setup a vpn today from the isa to asa and just get some failures about no-proposal-chosen on the asa side. Looking for logging in the cisco when you're not a cisco 'guy' is like brushing your teeth with a knife. I have done a few isa-cisco's before without much trouble but I was always given the config from the cisco side. I know I have everything set right and technically it should work but it's just not and I'm thinking it's something not configured right on the ASA side. Maybe I'll just dump asa for 2 isa boxes ... *things that make you go hmmm*
From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:27 PM To: NT System Admin Issues Subject: RE: ASA VPN device
I wasn't directly involved in the configuration, but we have an external VPN connection from a Linksys router to our ASA. It works - most of the time - but has been less than rock-solid. The Linksys requires rebooting whenever the connection gets dropped. Roger Wright
From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:00 PM To: NT System Admin Issues Subject: ASA VPN device
Anyone know if any of the cheap(er) firewall devices can do a vpn with a Cisco ASA device? I'm thinking a Linksys could do it (ie Cisco) but I didn't see mention of it specifically. I have a client that needs a temporary setup while they move offices, and instead of spending the cash on a device to be used for two weeks was hoping to find something on the low end. Thanks
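The no-proposal-chosen failure reported in the message above, modelled as an added example (not part of the original thread and not vendor code): a responder compares every IKE phase 1 transform the peer offers against its own policies and, when none matches on every attribute, answers with the NO-PROPOSAL-CHOSEN notify. The attribute values and the names `BRANCH_OFFERS` and `HQ_POLICIES` are constructed for illustration, and lifetime is left out because implementations differ in how they treat it.

```python
from dataclasses import dataclass, asdict
from typing import Dict, List, Optional, Tuple

# ISAKMP notify message type for NO-PROPOSAL-CHOSEN (RFC 2408).
NO_PROPOSAL_CHOSEN = 14


@dataclass(frozen=True)
class Transform:
    """The phase 1 attributes that both peers must agree on exactly."""
    encryption: str
    hash: str
    dh_group: int
    auth: str


# attribute name -> (value offered by the peer, value configured locally)
Mismatch = Dict[str, Tuple[object, object]]


def diff(offer: Transform, policy: Transform) -> Mismatch:
    """Return every attribute on which an offer and a local policy disagree."""
    o, p = asdict(offer), asdict(policy)
    return {name: (o[name], p[name]) for name in o if o[name] != p[name]}


def negotiate(offers: List[Transform], policies: List[Transform]) -> dict:
    """Model of the responder: accept the first offer that equals a policy.

    Assumption of this sketch: offers are walked in the initiator's order.
    On failure the result carries the nearest miss, which is what an
    administrator needs in order to see which setting to change.
    """
    closest: Optional[Tuple[Transform, Transform, Mismatch]] = None
    for offer in offers:
        for policy in policies:
            delta = diff(offer, policy)
            if not delta:
                return {"accepted": True, "chosen": offer,
                        "notify": None, "closest": None}
            if closest is None or len(delta) < len(closest[2]):
                closest = (offer, policy, delta)
    return {"accepted": False, "chosen": None,
            "notify": NO_PROPOSAL_CHOSEN, "closest": closest}


def explain(result: dict) -> str:
    """Turn a negotiation result into a one-line diagnosis."""
    if result["accepted"]:
        return "accepted: %s" % (result["chosen"],)
    if result["closest"] is None:
        return "NO-PROPOSAL-CHOSEN: nothing to compare"
    _, _, delta = result["closest"]
    parts = ["%s offered=%s configured=%s" % (name, off, cfg)
             for name, (off, cfg) in sorted(delta.items())]
    return "NO-PROPOSAL-CHOSEN; nearest policy differs in: " + "; ".join(parts)


# Constructed sample data: what a branch gateway offers ...
BRANCH_OFFERS = [Transform("3des", "sha1", 2, "psk")]
# ... and what the head-office gateway is configured to accept.
HQ_POLICIES = [
    Transform("aes-256", "sha1", 5, "psk"),
    Transform("3des", "md5", 2, "psk"),
]

if __name__ == "__main__":
    print(explain(negotiate(BRANCH_OFFERS, HQ_POLICIES)))
    fixed = HQ_POLICIES + [Transform("3des", "sha1", 2, "psk")]
    print(explain(negotiate(BRANCH_OFFERS, fixed)))
```

A single differing attribute is enough for the whole exchange to fail, so comparing both ends' settings side by side attribute by attribute is usually quicker than reading either device's logs alone.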
RE: ASA VPN device
All he needs to use DD-WRT is a WRT54GL which can be purchased at the major distributors for about $70. I recently bought 10 of them and run the latest version of DD-WRT on them. http://www.cdw.com/shop/products/default.aspx?EDC=889253 That said, I don't know if they will actually solve the OP's problem, but he doesn't need to resort to eBay to find them. - Andy O.
From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 1:42 PM To: NT System Admin Issues Subject: RE: ASA VPN device
...or you could stick with the DD-WRT path that someone already mentioned. But you'd be fighting on eBay to get a WRT54G (of which you'll pay an arm and a leg for) that supports the correct version of DD-WRT and you'd have to face cross-platform compatibility issues...
RE: ASA VPN device
I was under the impression that in order to run the VPN version of DD-WRT, you needed a specific model of the WRT54G (which is hard to come by). I know you can run the stripped down version on any WRT54G though. Aaron
-Original Message- From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:51 PM To: NT System Admin Issues Subject: RE: ASA VPN device
All he needs to use DD-WRT is a WRT54GL which can be purchased at the major distributors for about $70. I recently bought 10 of them and run the latest version of DD-WRT on them. http://www.cdw.com/shop/products/default.aspx?EDC=889253 That said, I don't know if they will actually solve the OP's problem, but he doesn't need to resort to eBay to find them. - Andy O.
From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 1:42 PM To: NT System Admin Issues Subject: RE: ASA VPN device
...or you could stick with the DD-WRT path that someone already mentioned. But you'd be fighting on eBay to get a WRT54G (of which you'll pay an arm and a leg for) that supports the correct version of DD-WRT and you'd have to face cross-platform compatibility issues...
RE: ASA VPN device
> I was under the impression that in order to run the VPN version of DD-WRT, you needed a specific model of the WRT54G (which is hard to come by). I know you can run the stripped down version on any WRT54G though.
I don't think so, the Supported Devices Wiki says that the WRT54GL can run any version of DD-WRT, which I would assume to mean that it can handle the VPN package as well. I'm referencing the GL, not the standard G series. I could be wrong because I don't use the VPN package but everything I've read leads me to believe it would work.
I guess the real question is then, getting back to the OP's question, will OpenVPN connect with an ASA without issue? - Andy O.
Re: ASA VPN device
That was before they made the WRT54GL (the L stands for Linux) :) The L variant has more memory and flash than the non-L, and can run the full dd-wrt package without issue. They specifically make it for enthusiasts.
Aaron T. Rohyans wrote:
> I was under the impression that in order to run the VPN version of DD-WRT, you needed a specific model of the WRT54G (which is hard to come by). I know you can run the stripped down version on any WRT54G though.
-- Phil Brutsche [EMAIL PROTECTED]
Re: ASA VPN device
Absolutely not. An OpenVPN client needs to talk to an OpenVPN server, and the only OpenVPN server implementation is native to Linux/*BSD, with a Windows port available.
Andy Ognenoff wrote:
> I guess the real question is then, getting back to the OP's question, will OpenVPN connect with an ASA without issue?
-- Phil Brutsche [EMAIL PROTECTED]
RE: ASA VPN device
Well there we go...so the cheap solution isn't viable, right? - Andy O.
-Original Message- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:21 PM To: NT System Admin Issues Subject: Re: ASA VPN device
Absolutely not. An OpenVPN client needs to talk to an OpenVPN server, and the only OpenVPN server implementation is native to Linux/*BSD, with a Windows port available.
Re: ASA VPN device
That's typically the case ;)
Andy Ognenoff wrote:
> Well there we go...so the cheap solution isn't viable, right?
-- Phil Brutsche [EMAIL PROTECTED]
RE: ASA VPN device
It's not part of the GUI, but a quick search of the dd-wrt wiki provides: http://www.dd-wrt.com/wiki/index.php/VPNC
-Original Message- From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:24 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Well there we go...so the cheap solution isn't viable, right? - Andy O.
-Original Message- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:21 PM To: NT System Admin Issues Subject: Re: ASA VPN device
Absolutely not. An OpenVPN client needs to talk to an OpenVPN server, and the only OpenVPN server implementation is native to Linux/*BSD, with a Windows port available.
RE: ASA VPN device
Actually, if you upgrade to Windows Server 2008 you don't have to be hobbled by open source code. MS fully backs its SSTP solution which performs better and is arguably more secure than OpenVPN. And, since SSTP isn't supported by ISA, you can't claim that I'm an ISA ho' :) HTH, Tom
-Original Message- From: Troy Meyer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:31 PM To: NT System Admin Issues Subject: RE: ASA VPN device
It's not part of the GUI, but a quick search of the dd-wrt wiki provides: http://www.dd-wrt.com/wiki/index.php/VPNC
-Original Message- From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:24 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Well there we go...so the cheap solution isn't viable, right? - Andy O.
-Original Message- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:21 PM To: NT System Admin Issues Subject: Re: ASA VPN device
Absolutely not. An OpenVPN client needs to talk to an OpenVPN server, and the only OpenVPN server implementation is native to Linux/*BSD, with a Windows port available.
RE: ASA VPN device
Dude! One thing to keep in mind is that ISA is always RFC compliant. I spent two weeks with the ISA firewall team in Haifa, and they are insane about being RFC compliant. Cisco isn't, since they think they own the space. ISA is definitely the most secure VPN server you can implement. However, it's not the best performer. Cisco, while not RFC compliant, performs better when connecting with other Cisco VPN servers/gateways. However, given the BIG overhead you pay for Cisco, you can mitigate the performance issues by implementing and ISA firewall arrays. HTH, Tom
From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 1:38 PM To: NT System Admin Issues Subject: RE: ASA VPN device
This is static IP's we have a 6meg pipe going in to the new facility, I think I'm just going to have them get something a little stronger. We have an ISA 2004 license, and I'm pretty familiar with that side of it, but I tried to setup a vpn today from the isa to asa and just get some failures about no-proposal-chosen on the asa side. Looking for logging in the cisco when you're not a cisco 'guy' is like brushing your teeth with a knife. I have done a few isa-cisco's before without much trouble but I was always given the config from the cisco side. I know I have everything set right and technically it should work but it's just not and I'm thinking it's something not configured right on the ASA side. Maybe I'll just dump asa for 2 isa boxes ... *things that make you go hmmm*
From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:27 PM To: NT System Admin Issues Subject: RE: ASA VPN device
I wasn't directly involved in the configuration, but we have an external VPN connection from a Linksys router to our ASA. It works - most of the time - but has been less than rock-solid. The Linksys requires rebooting whenever the connection gets dropped. Roger Wright
From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:00 PM To: NT System Admin Issues Subject: ASA VPN device
Anyone know if any of the cheap(er) firewall devices can do a vpn with a Cisco ASA device? I'm thinking a Linksys could do it (ie Cisco) but I didn't see mention of it specifically. I have a client that needs a temporary setup while they move offices, and instead of spending the cash on a device to be used for two weeks was hoping to find something on the low end. Thanks
RE: ASA VPN device
Isn't OP looking for a device for their branch office? Are you suggesting installing Windows Server 2008 at both ends? That sounds expensive compared to buying a dinky Linksys WRT54G device to use out in the branch office. Cheers Ken
-Original Message- From: Thomas W Shinder [mailto:[EMAIL PROTECTED] Sent: Thursday, 29 May 2008 2:40 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Actually, if you upgrade to Windows Server 2008 you don't have to be hobbled by open source code. MS fully backs its SSTP solution which performs better and is arguably more secure than OpenVPN. And, since SSTP isn't supported by ISA, you can't claim that I'm an ISA ho' :) HTH, Tom
-Original Message- From: Troy Meyer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:31 PM To: NT System Admin Issues Subject: RE: ASA VPN device
It's not part of the GUI, but a quick search of the dd-wrt wiki provides: http://www.dd-wrt.com/wiki/index.php/VPNC
-Original Message- From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:24 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Well there we go...so the cheap solution isn't viable, right? - Andy O.
-Original Message- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:21 PM To: NT System Admin Issues Subject: Re: ASA VPN device
Absolutely not. An OpenVPN client needs to talk to an OpenVPN server, and the only OpenVPN server implementation is native to Linux/*BSD, with a Windows port available.
RE: ASA VPN device
I was promoting a solution that works and is fully supported by the vendor. Not promoting something cheap and supported by the canaille. You always get what you pay for, unless you believe in the worker's paradise. HTH, Tom
-Original Message- From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 11:58 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Isn't OP looking for a device for their branch office? Are you suggesting installing Windows Server 2008 at both ends? That sounds expensive compared to buying a dinky Linksys WRT54G device to use out in the branch office. Cheers Ken
-Original Message- From: Thomas W Shinder [mailto:[EMAIL PROTECTED] Sent: Thursday, 29 May 2008 2:40 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Actually, if you upgrade to Windows Server 2008 you don't have to be hobbled by open source code. MS fully backs its SSTP solution which performs better and is arguably more secure than OpenVPN. And, since SSTP isn't supported by ISA, you can't claim that I'm an ISA ho' :) HTH, Tom
-Original Message- From: Troy Meyer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:31 PM To: NT System Admin Issues Subject: RE: ASA VPN device
It's not part of the GUI, but a quick search of the dd-wrt wiki provides: http://www.dd-wrt.com/wiki/index.php/VPNC
-Original Message- From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 2:24 PM To: NT System Admin Issues Subject: RE: ASA VPN device
Well there we go...so the cheap solution isn't viable, right? - Andy O.
-Original Message- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 4:21 PM To: NT System Admin Issues Subject: Re: ASA VPN device
Absolutely not. An OpenVPN client needs to talk to an OpenVPN server, and the only OpenVPN server implementation is native to Linux/*BSD, with a Windows port available.