As a CNE for many years, I have grown to hate IPX, and yes Carric, it is often a neccessary evil. One solution might be use novell's Border Manager and VPN it in using their client/host method. It works rather well although it hammers the hell out of your BM box. We have alot of IPX floating around here as well and the problem you will encounter if you try to write filters yourself is that there appears to be no limit to the number of SAP types you have to contend with and just when you think you have them all filtered.... The VPN uses 128 bit encryption and is fairly easy to setup at both the server and client side, you can also do site to site VPN's with it if that fits your plan. Dave Hecht Sr. Systems Analyst City of Bakersfield (661)326-3726 voice www.bakersfield.ca.us (805)852-2063 fax >>> Carric Dooley <[EMAIL PROTECTED]> 6/9/99 12:52:33 PM >>> I have a quick question that I was hoping to find some input on. I have a requirement for getting IPX into my network over and IP VAN. There is a proposed solution currently that I DON'T like, but I want to see how many viable alternatives there are. The current proposal is to creat a PPTP tunnel right into our network, and just tunnel IPX through it. All other IP traffic is pumped into our Private DMZ. I have proposed SecuRemote (as FW-1 firewalls are involved) but that was immediately poo-poo'd. Given PPTP's track record, I don't really trust it. I want to know what alternatives there might be for safely encapsulating IPX and getting it inside the network without introducing too much danger. Please let me know what you think. Thank you Carric Dooley COM2:Interactive Media http://www.com2usa.com - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
