[KLUG Members] IPSEC operation Issues

Adam Williams members@kalamazoolinux.org
27 Sep 2002 06:10:40 -0400


>Has anyone experienced any problems when deploying IPSEC in
>their production environments? We are debating using IPSEC
>between a Solaris and HPUX system, as the necessary binaries
>are provided with both. Several firewalls reside between the
>hosts, but I am not aware of any NAT'ing going on. We would
>like to use AH and ESP to encrypt the headers and payload. We
>are also possibly debating using Checkpoint Firewall-1 to
>provide this functionality. I believe this would be a much
>more efficient means. Just curious what the gurus on the list

IPSEC is a genuine pain to get through firewalls, and it *CANNOT* work
if there is NAT-ing at any point.

But if your client/server support "UDP encapsulation" it should go
through like it was coated with warm butter.  But not all combinations
of client & server support that.

-- 
----------------------------------------------------------------
This message undoubtedly processed by the purely benevolent "US
Department of Homeland Security", but don't worry... their
only goal is to protect life, liberty and the pursuit of property.
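
The NAT problem raised in the reply above, as an added example that is not part of the original message: a simplified model of how the AH integrity check covers the IP addresses while the ESP one does not. The key, addresses, payload and helper names are constructed for illustration, and the AH header itself is left out of the MAC input for brevity.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed shared key, stands in for an SA key

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header, no options, checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def ah_icv(header, payload):
    """AH-style ICV: covers the IP header with mutable fields zeroed, so the
    source and destination addresses are authenticated. Simplified: the AH
    header itself is left out of the MAC input."""
    h = bytearray(header)
    h[1] = 0                # TOS
    h[6:8] = b"\x00\x00"    # flags and fragment offset
    h[8] = 0                # TTL
    h[10:12] = b"\x00\x00"  # header checksum
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha1).digest()[:12]

def esp_icv(esp_body):
    """ESP-style ICV: covers only the ESP header and ciphertext."""
    return hmac.new(KEY, esp_body, hashlib.sha1).digest()[:12]

def in_transit(header, new_src=None):
    """Each hop decrements TTL; a NAT device also rewrites the source."""
    h = bytearray(header)
    h[8] -= 1
    if new_src is not None:
        h[12:16] = socket.inet_aton(new_src)
    return bytes(h)

def delivered_intact(mode, nat):
    """Sender computes the ICV, the path alters the header, receiver checks."""
    body = b"constructed-spi-seq-and-ciphertext"
    sent = ipv4_header("10.0.0.5", "192.0.2.10", 51 if mode == "ah" else 50,
                       len(body))
    icv = ah_icv(sent, body) if mode == "ah" else esp_icv(body)
    received = in_transit(sent, "198.51.100.7" if nat else None)
    # The receiver recomputes from what arrived; ESP never looks at the header.
    check = ah_icv(received, body) if mode == "ah" else esp_icv(body)
    return hmac.compare_digest(icv, check)

if __name__ == "__main__":
    for mode in ("ah", "esp"):
        for nat in (False, True):
            print(mode, "NAT" if nat else "routed", delivered_intact(mode, nat))
```

The ESP check passing only shows that its integrity value is unaffected by the address rewrite; ESP still has no port numbers for a port-translating NAT to track, which is the gap UDP encapsulation fills.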