[ale] IPSec question

Christopher Fowler cfowler at outpostsentinel.com
Tue Jul 20 11:58:10 EDT 2004


On Tue, 2004-07-20 at 11:37, Geoffrey wrote:
> Christopher Fowler wrote:
> > On Tue, 2004-07-20 at 11:19, Geoffrey wrote:
> > 
> >>Christopher Fowler wrote:
> >>
> >>>I have no control over the firewall device.  I never even see it.  Some
> >>>of these networks are very large. They do not belong to me.
> >>
> >>Then you are at their mercy.  ssh or ipsec will both require proper 
> >>handling through a firewall.
> >>
> > 
> > 
> > SSH usually works fine.  Anything with TCP usually works fine.
> 
> Because they are supporting the service.  Again, you're at their mercy. 
>   Most companies don't permit just anyone vpn type connectivity.  Since 
> you don't 'manage' the firewall in question, you'll have to work with 
> each company to get ipsec connectivity.

What I make sure is that nothing has to be special for IPSec. If the
firewall can pass through my TCP packets from inside, can it pass through
the IPSec packets?

In a TUN device the connections are usually made from each point and
meet in the middle.  If the client initiates the IPSec connection then 
everything should work.  Currently now I use VTUN to make all my
connections but VTUN is Linux specific.  


