RE: [FW1] IPSec in Transport mode or in Tunnel Mode

Wed, 14 Feb 2001 09:08:22 -0800 


Well, how does Checkpoint's SecuRemote connections work then over NATted
connections?

> -----Original Message-----
> From: Daniel Hitchcock [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, February 14, 2001 5:35 PM
> To:   '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
> Subject:      RE: [FW1] IPSec in Transport mode or in Tunnel Mode
> 
> 
> No, transport mode is not supported.  Check out
> http://www.checkpoint.com/products/vpn1/vpnwp.html (about 3/4 of the way
> down the page) for some diagrams and a description of the difference.  In
> short, transport encrypts the data and leaves the IP header intact,
> whereas
> tunnel encrypts everything including the original IP header and re-creates
> the packet with a new IP header.  Tunnel is the most preferable from a
> security standpoint.  If you need transport mode, the best solution may be
> to terminate your VPN somewhere other than the firewall
> (parallel/inside/outside depending on your network design).
> 
> HTH
> 
> Dan Hitchcock
> Security Analyst
> Breakwater Security Associates
> 206.770.0700 x147
> [EMAIL PROTECTED]
> 
> 
> -----Original Message-----
> From: Martin WF Hui [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 14, 2001 7:08 AM
> To: [EMAIL PROTECTED]
> Subject: [FW1] IPSec in Transport mode or in Tunnel Mode
> 
> 
> 
> Hi,
> 
> Please tell me whether Checkpoint FW 4.1 can support IPSec in Transport
> Mode.  What is the benefits on using Transport mode rather than Tunnel
> mode.
> Please also teach me how to build a Transport Mode IPSec Tunnel.
> 
> Thanks a lot.
> 
> Martin
> 
> 
> ==========================================================================
> ==
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ==
> ====
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to