I would like to implement a LAN-to-LAN IPsec tunnel between our main office that has a Cisco 3000 concentrator, and a remote office. My question is, what are my requirements? Can I use a Netgear firewall with VPN capabilities on the remote to accomplish this? All I have read about LAN-to-LAN refers to Cisco equipment to Cisco equipment. Are there any other alternatives?
As long as the NetGear FW conforms to the IPSec specs, which I'm sure it would, then you can build a LAN-to-LAN tunnel between it and any other device that conforms to the spec (the VPN3000 included).
I don't have a sample config of this specifically, but just make sure the configs on both sides match up (encryption, authentication, DH group, etc.), and most importantly, make sure your defined crypto traffic is the exact opposite of each other.
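The check described in the answer above, as an added example that is not part of the original post: a small Python pre-flight comparison of two peers' tunnel settings, confirming the negotiated parameters match and that each side's protected traffic is the mirror image of the other's. The dictionary layout, key names and all addresses are assumptions made for this example and do not reflect Netgear or VPN 3000 configuration syntax.

```python
import ipaddress

# Parameters that must be identical on both peers (key names are this example's own).
MATCH_KEYS = ("encryption", "authentication", "dh_group")

def _net(cidr):
    # Normalise so "a.b.c.0/24" and "a.b.c.0/255.255.255.0" compare equal;
    # strict=True rejects entries with host bits set (a common typo).
    return ipaddress.ip_network(cidr, strict=True)

def check_tunnel(side_a, side_b):
    """Return a list of mismatches between two peers' tunnel definitions."""
    problems = []
    for key in MATCH_KEYS:
        if side_a[key] != side_b[key]:
            problems.append(f"{key}: {side_a[key]!r} != {side_b[key]!r}")
    # Each side lists protected traffic as (local network, remote network) pairs.
    a_pairs = {(_net(l), _net(r)) for l, r in side_a["traffic"]}
    # Swap B's pairs so they can be compared directly with A's.
    b_mirrored = {(_net(r), _net(l)) for l, r in side_b["traffic"]}
    for local, remote in sorted(a_pairs - b_mirrored, key=str):
        problems.append(f"A protects {local} -> {remote}; B has no {remote} -> {local}")
    for local, remote in sorted(b_mirrored - a_pairs, key=str):
        problems.append(f"B protects {remote} -> {local}; A has no {local} -> {remote}")
    return problems

# Constructed sample settings (not taken from any real device).
MAIN = {"encryption": "3des", "authentication": "sha1", "dh_group": 2,
        "traffic": [("10.1.0.0/16", "192.168.50.0/24")]}
REMOTE_OK = {"encryption": "3des", "authentication": "sha1", "dh_group": 2,
             "traffic": [("192.168.50.0/255.255.255.0", "10.1.0.0/16")]}
# Wrong hash, and a narrower remote network: a subset is not an exact mirror.
REMOTE_BAD = {"encryption": "3des", "authentication": "md5", "dh_group": 2,
              "traffic": [("192.168.50.0/24", "10.1.1.0/24")]}

if __name__ == "__main__":
    for name, remote in (("REMOTE_OK", REMOTE_OK), ("REMOTE_BAD", REMOTE_BAD)):
        issues = check_tunnel(MAIN, remote)
        print(name, "OK" if not issues else "MISMATCH")
        for issue in issues:
            print("  -", issue)
```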
A 10 user PIX 501 should cost US$400. A 50 user should cost US$750. Going with Cisco means you have one vendor to deal with for support (no finger-pointing between vendors when something doesn't work), and there are probably 20 people with PIX to 3000 tunnels set up for every one with a Netgear to 3000 tunnel, so it is easier to find answers for problems that may crop up. If you have only one site, I'd recommend buying some Cisco device to avoid these potential headaches.