My experience has been limited to the Media-1 Roadrunner offering. I found
that this offering is different depending on where you live. For instance,
in Tampa Florida, Media-1 seems to give out "real" routable IP addresses.
Products such as SecurRemote work well there. In Fort Lauderdale Florida,
Media-1 seems to hide nat you, which will cause SecuRemote to not work of
course. For $100.00 US per month extra, you can get a static IP address, and
they also crank up the transmit side to 1.5MB. (assuming your cable modem
supports static IP's. Mine is a Best Data) This works well with SecuRemote,
as well as site to site VPN's. I guess my point is to make sure of what
exactly you are getting. Dont rely on the cable modem sales guys, call their
tech support and ask them whether or not you will be getting a routable IP.
As far as do I like the setup? I love it. Not too many people have cable
modems in my area, so saturation is not an issue. I have heard dialup speed
horror stories from people that live in neghborhoods with lots of techies
living there. I installed a Nokia IP410 and VPN-1 4.1 with the external
cable modems ethernet attached to the outside NIC, and connected a 3COM
Airconnect 11MB Wireless hub via crossover to the internal NIC. I then built
a VPN over to my office, and whala! I never have to go back to the office
again (I wish), and I can weed the flower bed while I answer emails!
Frank
Frank
Frank
-----Original Message-----
From: Dameon D. Welch-Abernathy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 08, 2000 12:58 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [FW1] Cable routers
On Thu, Jun 08, 2000 at 10:23:38AM +0000, [EMAIL PROTECTED] wrote:
> My understanding is that many cable modems/routers use proprietary
> encrpytion schemes for the cable modem/router to cable operator Head End
> (INA) that support the NAT functions - I am not sure what happens after it
> has passed onto to general internet though - probably nothing ?
You'd have to get a protocol analyser to see exactly what it did,
if anything.
> a. What is admin overhead of IKE vs FWZ - is it easy to maintain keys at
> client and server end ?
The client end doesn't matter so much. On the server end, it's basically
the same. Unless you use Hybrid authentication, IKE passwords are defined
in the Encryption tab.
> b. I heard that the IKE standard supports 3 modes - 1 of which still only
> has 1 key - or does CP not support this mode ?
I haven't heard this. Keys are negotiated upon first connection.
> c. What impact (apart from waiting forever for the license for 3DES !)
does
> 3DES have on admin etc. and how easy is it to transfer from DES-FWZ to
> DES-IKE or 3DES-IKE ?
Depends on the version of binaries you've already got installed. It's
basically an upgrade if not (fw ver should show VPN + DES + STRONG if
you've got the right version). Then, of course, you'll need the licenses.
Note you can do IKE without 3DES as well, you'll just be using DES.
> d. Is LDAP authenication supported across all schemes ?
I believe so, though I don't remember if I tried that.
-- PhoneBoy
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
