Page 2 of 2 FirstFirst 12
Results 21 to 31 of 31
  1. #21  
    Quote Originally Posted by nrosser
    I maintain that VPN is really a laptop paradigm - there are lots of handheld-specific apps to get to the back end. What is it you need VPN for?
    For example, you might want to check out Avocent's 'Sonic' suite of IT admin tools via a handheld (and no VPN) - www.avocent.com

    And to use a general example, wireless email on a handheld (whether it's Treo or RIM, or ANY) does not ever use VPN. Using VPN to access email is what IT folks are used to, generally, and they want to apply laptop 'stuff' to the world of handhelds.

    Just curious what app you're wanting VPN for.....
    Laptop paradigm? Maybe... maybe not.

    I think the real issue is that you may not have control over what your IT department is using to get into the corporate network.

    If I need to telnet into a box to kill a process, I'm stuck with VPN. I have no control over the firewall gods where I work.

    The 650 with it's hi-res screen I find to be quite adequate for console apps like Telnet and SSH. I would say great when you are in a jam and you don't want to carry your laptop everywhere
  2. #22  
    Quote Originally Posted by FletchFFletch
    This is not true. I do it all the time with the WindowsXP PPTP client behind a NAT router. It's more likely that Cingular simply blocks the necessary ports (or perhaps that the Mergic implementation does not work with NAT).

    Have you tried contacting the Mergic author? In the past he has been very responsive and tends have the latest info on which service providers block what services as well as any known tricks to make it work.
    You must be correct. I've connected via VPN from beind my router at home many times. I wonder if it's just port blocking.
  3. #23  
    I have a 650 and Cingular MedaNet. i have been unable to create a VPN connnection to a Windows 2000 Server using the PPTP protocol. I have been uisng the only Palm OS PPTP VPN client I can find, Mergic VPN. After serveral phone calls to Cingular, they admit they are blocking the transmission on GRE's (General Encrytion Packets) through port 1723...this is the standard PPTP VPN port. They report that they are testing a way to open the port and it should be avaiable soon. They had no other alternative for me. Very frustrating.
  4. #24  
    Quote Originally Posted by superjimbo801
    This is has been raised.

    If you are using MediaWorks there is no way no how MergicVPN will ever work.

    Media works is TCP/IP but unlike the full (expensive) data package, you don't get a real IP address.

    You will probably need the laptop data package as I've heard that is the ONLY data package that gives you a real IP address.

    That being said, most IP apps work just fine on the Treo 650 with MediaWorks, because they don't care about having a real or fake IP address, but the VPN will not work.

    I'de like to be proven wrong but I used Bluetooth DUN from my laptop to verify that any kind of vpn (not just MergicVPN) will not work.

    I have gone as far as trying to log in using the ISP username and password for the more expensive data package and the service (true ISP with real IP) is physically locked out by an account flag.

    Damn, I'm glad I stayed to Sprint, for my $10 vision, just d/led my free copy of Mergic and connected to my job and pinged a couple of servers!
    "They say my ghetto instrumental detrimental to kids, as if they can't see the misery in which they live." Krazy -Tupac Shakur

    "Should we cry when the pope die? My request, we should cry if they cried when we buried Malcom X." Blasphemy - Tupac Shakur
  5. #25  
    Thanks. Has anyone been able to verify that a PPTP VPN connection can be made by a laptop, 650 or whatever, by using the standard Cingular DATA Connect plans?
  6. #26  
    Alee, nice points, but again, a fallacy.

    You can have centralized control without layers of technology. It's about process, not the tech.

    VPN provides nothing in terms of security that can't be found in other cheaper and more open solutions.

    Most CIO's are technology, and morever security, uninformed.
    VPN's are just sucker sell to make them feel more secure.

    And yes, Netscreen is still a fair example...there is no fat client install.
  7. #27  
    Quote Originally Posted by mikec
    jimma,
    yes, vpn is dead.

    alternative include:
    - ssh (already mention)
    - SSL POP or IMAP
    - Secure Web proxies, ex. Netscreen
    - SSL web services (or other protocols)

    There is very little that needs access that justifies the cost and overhead of VPNs.

    Most corps are still hard shell, soft center (like a peanut butter M&M) when it comes to security, instead of "lemondrop" (hard throughout)
    VPN is hardly dead.

    That SSL stuff you're talking about? Guess what they call it - VPN. (i.e. Neoteris/Netscreen/Juniper, Aventail, and other 'SSL VPN' vendors). And there are plenty of other uses for IPSEC these days.

    Yeah, PPTP is a joke and I *****slap anyone who asks me if I can set it up. I don't care if it comes with windows. You will use the SSL VPN or the IPSEC VPN and like it or shut the hell up.

    And IPSEC VPN is hardly dead. It is *the* standard for site-to-site VPN. And there are plenty of companies who have deployed IPSEC client VPNs (just check out all the folks trying to get the Treo650 Movian client working with the Cisco 3000) who see no business case for throwing that all away and deploying SSL.

    But to just say "VPN is dead"...that ain't quite true.
  8. #28  
    Quote Originally Posted by FletchFFletch
    This is not true. I do it all the time with the WindowsXP PPTP client behind a NAT router. It's more likely that Cingular simply blocks the necessary ports (or perhaps that the Mergic implementation does not work with NAT).
    It also depends on the firewall. Checkpoint, for example, (which used to the teh shizzle and now is teh suck) can't handle multiple PPTP sessions outbound through a many-to-one NAT. It may not be conscious blocking as much as limitations in the network design.
  9. #29  
    Quote Originally Posted by mikec
    Alee, nice points, but again, a fallacy.

    You can have centralized control without layers of technology. It's about process, not the tech.

    VPN provides nothing in terms of security that can't be found in other cheaper and more open solutions.

    Most CIO's are technology, and morever security, uninformed.
    VPN's are just sucker sell to make them feel more secure.

    And yes, Netscreen is still a fair example...there is no fat client install.

    You missed alee's point - there is no fat client but they still call it a VPN. I think what you mean is that PPTP is dead (true) and IPSEC is dead (which I don't believe). Yeah, SSL vpns are great but not good enough yet to justify throwing away a perfect good Cisco 3000.

    Unfortunately for email, the corporate standard these days is Outlook/Exchange. And I don't know too many people who like the feeling of having an IIS server exposed to the Internet to serve webmail and/or SSL IMAP - thus a box like the Neoteris.

    The really bad news is that getting a device like the Neoteris box to work with the Minibrowser in the Treo is a PITMFA. But the good news is I can offer the users (or could, if I could buy it) an IPSEC connection which is secure enough.

    Hey, if all our services were run on hardened unix boxes that'd be great. But as long as they want Exchange then we'll need VPNs...
  10. #30  
    Quote Originally Posted by JakiChan
    VPN is hardly dead.

    That SSL stuff you're talking about? Guess what they call it - VPN. (i.e. Neoteris/Netscreen/Juniper, Aventail, and other 'SSL VPN' vendors). And there are plenty of other uses for IPSEC these days.

    Yeah, PPTP is a joke and I *****slap anyone who asks me if I can set it up. I don't care if it comes with windows. You will use the SSL VPN or the IPSEC VPN and like it or shut the hell up.

    And IPSEC VPN is hardly dead. It is *the* standard for site-to-site VPN. And there are plenty of companies who have deployed IPSEC client VPNs (just check out all the folks trying to get the Treo650 Movian client working with the Cisco 3000) who see no business case for throwing that all away and deploying SSL.

    But to just say "VPN is dead"...that ain't quite true.
    I should clarify - Proprietary, hardware, and client software for VPN is dead (or dying out).

    IPSEC is not hardware specific, so I don't lumped it in VPN. It's like SSH. Same with "SSL VPN", which really isn't tradition VPN, but rather secured reverse proxy.
  11. #31  
    Quote Originally Posted by JakiChan
    You missed alee's point - there is no fat client but they still call it a VPN. I think what you mean is that PPTP is dead (true) and IPSEC is dead (which I don't believe). Yeah, SSL vpns are great but not good enough yet to justify throwing away a perfect good Cisco 3000.

    Unfortunately for email, the corporate standard these days is Outlook/Exchange. And I don't know too many people who like the feeling of having an IIS server exposed to the Internet to serve webmail and/or SSL IMAP - thus a box like the Neoteris.

    The really bad news is that getting a device like the Neoteris box to work with the Minibrowser in the Treo is a PITMFA. But the good news is I can offer the users (or could, if I could buy it) an IPSEC connection which is secure enough.

    Hey, if all our services were run on hardened unix boxes that'd be great. But as long as they want Exchange then we'll need VPNs...
    They may call is VPN without a client, but that is not the traditional meaning. It's just marketspeak.

    I do not think IPSEC is dead.

    As for exposing servers on the internet, I suppose it just depends how competent your staff is. This is not the boogeyman people make it out to be.

    I know many people that expose Exchange though secure web services through the net...no need for extra hardware.

    Again, depends on the competency of you stafff.

    My point is the Nortels, Ciscos, and others of the world push VPN hardware and client software as a solution, but in the end they handtie an organization in terms of support, flexibility, maintainance, etc.

    (And "SSL VPNs" are only marginally better; they usually require IE, and don't support other browsers. (I completely agree on the Treo access issue). But since most people have IE, I give it a marginal pass. Hopefully, they will develop to support other browsers, although today, there are still many reverse proxy solutions that will solve this problem and work with all browsers (IE, Opera, Firefox, Netscape, etc.))
Page 2 of 2 FirstFirst 12

Posting Permissions