nate said:

> adapt it into my network the way I want then it won't get used. That said,
> at my last company we did deploy IPSec gateways but the only reason we did
> this was for the win32 users. IPSec/PPTP seemed to
> be the only modern(e.g. can run on newer versions of win32) VPN
> solutions at the time, so we didn't have a lot of choice as far as
> protocols go.
>
> luckily the unix and linux world(moreso in linux) there is still
> a wide range of VPN options available.

forgot to mention that we also had linux VPN too(they were using vpnd
when I started, a bit over a year later I switched to vtun). the linux
solution was far more flexible than the vendor VPN product which was
a Cisco VPN 3005. The linux products naturally supported full
network<->network connections. the Cisco product only supported
host->network connections. If you wanted a network<->network product you
needed to buy a dedicated vpn box which was like $1000 (on top of the
VPN 3005 which was another $2000 at the time I think, maybe $3000).

Cisco supports linux with their VPN product, but the client as of 8
months ago anyways wasn't that well designed, e.g. it would not work
AT ALL on 2.4.x kernels if you had iptables loaded(you needn't have any
rules, just the code itself loaded). then there was the day where the
VPN 3005s decided they would start crashing on their own for no
apparent reason causing nearly 6 hours of network downtime. After 3
months of flawless operation, all of a sudden crashing 20-30 times in
1 day ?!?! reminds me of the days when I had to deal with MS products
on a regular basis.

for some companies a commercial VPN product like the cisco 3005 may
be good, but for my former company, a company small enough that the
CEO had to approve purchases over $250, and having our budget cut
by nearly 95% from when I started to when I finished, there were much
better things I'd rather spend the company money on than commercial
vpn products(e.g. better server room cooling, better battery backup
systems, replace 6 year old 10megabit switches with 30% bad ports
with modern switches, more ram, more hd space, more tape backups).

unfortunately we had little choice, we did a lot of research and
the cisco worked the best(of what was tested) from behind NAT
servers(which home users make extensive use of). And the purpose
of the IPSec system was primarily to support win32 clients connecting
in from remote sites(e.g. home, hotels etc).

nate

-- 
redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
