![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
altivoFor a minute there I thought I was going to miss an update. LJ presented me with a page full of garbled html. I supposed it might do the same when I save this.
A 30% chance of thunderstorms tonight, twice that tomorrow. At least that's the latest. At the moment it's hot, humid, and still, as well as pretty dark outside. We heard what might have been a fox or might not out behind one of the barns, but I'm not particularly inclined to go out there with a flashlight to see. I think the sheep and horses are too big for him to eat, so he'll have to go after the neighbor's chickens again.
Got a week of vacation approved for next month even though the boss will be out of town one day of it. I have to use my vacation, I'm at the point where they're taking it away from me.
Still struggling with point to point VPN for the library consortium. The sales department at the maker of our firewall says "Oh sure, it will work," but when asked for clear instructions on setting it up, they pass me off to the tech support department where someone said "No, that doesn't work." The issue is establishing a working IPSec tunnel between two different brands of equipment. I received written instructions from a consultant who supposedly has made this combination work at two other libraries. The problem is, the stuff he is describing does NOT appear on my control interface, even after I explicitly install the same version of software he was using.
I think it's bedtime, if I can sleep in this humidity.
A 30% chance of thunderstorms tonight, twice that tomorrow. At least that's the latest. At the moment it's hot, humid, and still, as well as pretty dark outside. We heard what might have been a fox or might not out behind one of the barns, but I'm not particularly inclined to go out there with a flashlight to see. I think the sheep and horses are too big for him to eat, so he'll have to go after the neighbor's chickens again.
Got a week of vacation approved for next month even though the boss will be out of town one day of it. I have to use my vacation, I'm at the point where they're taking it away from me.
Still struggling with point to point VPN for the library consortium. The sales department at the maker of our firewall says "Oh sure, it will work," but when asked for clear instructions on setting it up, they pass me off to the tech support department where someone said "No, that doesn't work." The issue is establishing a working IPSec tunnel between two different brands of equipment. I received written instructions from a consultant who supposedly has made this combination work at two other libraries. The problem is, the stuff he is describing does NOT appear on my control interface, even after I explicitly install the same version of software he was using.
I think it's bedtime, if I can sleep in this humidity.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2007-05-31 03:03 am (UTC)no subject
Date: 2007-05-31 11:27 am (UTC)I hate the Watchguard, but it wasn't my choice to buy the thing. Graphical interfaces that don't let you see the overall picture in tabular form are just horrible, and especially so when the "documentation" is always two or three versions behind reality. The fact that it runs Linux internally but will only talk to Windows-based servers and control software really burns me too.
Several other libraries in the system have various Watchguard devices, and I'm told that all are now working with this VPN setup. I don't doubt it can be made to work, but Watchguard is not particularly helpful about it. I contacted the consultant who supposedly got it working at two sites, and he sent me a one page sheet of instructions. These are a step-by-step that references menus and options that simply don't exist in any version of WFS or WSM software to which I have access. He says to install WSM 9.0, which is intended to control multiple units, so I did try that, but the control interface I get for my own device still looks the same as before and apparently not at all like what he is describing.
There are two real issues. The first is setting the negotiations for the connection, and the Watchguard interface gives a lot of options for phase one and phase two, gateway and tunneling, independently of each other. Their terminology doesn't always make it clear just what you are actually activating or suppressing, and certainly doesn't match the terms Cisco uses. Worse, from one version to another of the control interface software, they keep moving these option settings around between the two "phases" so it seems they really aren't clear themselves on what they are doing.
The second issue is getting the routing and masking properly set up so that only the traffic intended for the tunnel goes through that path, and everything else stays where it is. This is an area where I find the Watchguard approach especially miserable. I don't need a proliferation of graphical thingummies showing brick walls with holes in them and other cutesy stuff, each controlling purportedly one port number or protocol but all interacting badly with one another. I want a clear, textual, table showing the way things are directed or diverted, in a hierarchical manner. They don't give me any way to get that or use it.
no subject
Date: 2007-06-01 01:40 am (UTC)They say they changed nothing, but 45 minutes later the connection activated and has been working ever since. Possibly an attempt to pass traffic through from their end was enough to bring it to life. In any case, it has continued to work for ten hours now, so I think it may finally be a success after six weeks of trying.
no subject
Date: 2007-06-03 11:15 am (UTC)no subject
Date: 2007-06-03 12:09 pm (UTC)