[KLUG Members] IPSEC operation Issues
Adam Williams
members@kalamazoolinux.org
27 Sep 2002 06:10:40 -0400
>Has anyone experienced any problems when deploying IPSEC in
>their production environments? We are debating using IPSEC
>between a Solaris and HPUX system, as the necessary binaries
>are provided with both. Several firewalls reside between the
>hosts, but I am not aware of any NAT'ing going on. We would
>like to use AH and ESP to encrypt the headers and payload. We
>are also possibly debating using Checkpoint Firewall-1 to
>provide this functionality. I believe this would be a much
>more efficient means. Just curious what the gurus on the list
ipSEC is a genuine pain to get through firewalls, and it *CANNOT* work
if there is NAT-ing at any point.
But if your client/server support "UDP encapsulation" it should go
through like it was coated with warm butter. But not all combinations
of client & server support that.
--
----------------------------------------------------------------
This message undoubtedly processed by the purely benevolent "US
Department of Homeland Security", but don't worry... they're
only goal is to protect life, liberty and the pursuit of property.