Jason Costomiris writes:
> On Monday, February 3, 2003, at 01:38 PM, Dick St.Peters wrote:
>
> > A DMZ accessed _only_ over a VPN isn't much of a DMZ. The usual
> > purpose for a DMZ is a place to locate bastion hosts that provide
> > public services and run proxies allowing the internal network
On Monday, February 3, 2003, at 01:38 PM, Dick St.Peters wrote:
Jason Costomiris writes:
On Sunday, February 2, 2003, at 11:11 PM, Dick St.Peters wrote:
Giving a remote site access to the DMZ over the VPN is exactly the
example intended.
Ok, if that's the case, what's wrong with RFC 1918 sp
> OK, now that we have come down to publishing the who's who in the network
> community... I'd like to take advantage of this great opportunity to pose a
> question. Since M$ came out with PPTP and had it incorporated into their
> server products, why did they migrate to IPSEC on Win2k? Is the fa
Jason Costomiris writes:
> On Sunday, February 2, 2003, at 11:11 PM, Dick St.Peters wrote:
> > Giving a remote site access to the DMZ over the VPN is exactly the
> > example intended.
>
> Ok, if that's the case, what's wrong with RFC 1918 space in the DMZ???
> If this DMZ is only ever accessed
On Sunday, February 2, 2003, at 11:11 PM, Dick St.Peters wrote:
Giving a remote site access to the DMZ over the VPN is exactly the
example intended.
Ok, if that's the case, what's wrong with RFC 1918 space in the DMZ???
If this DMZ is only ever accessed over a VPN, using globally routable
IP
On Monday, February 3, 2003, at 03:51 AM, Christopher Lyon wrote:
I am sure AH and ESP don't care if the IP checksum changes because
that is just down one layer. ESP and AH are separate from TCP and UDP
so most firewalls won't even perform NAT on these packets.
Unfortunately, AH does care.
> From: Dick St.Peters [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, February 02, 2003 8:11 PM
>
>
> Jason Costomiris writes:
> > On Sunday, February 2, 2003, at 03:41 PM, Dick St.Peters wrote:
> > >
> > > A DMZ with RFC1918 private-IP-space addressing? I'll grant that's
> > > imaginative ... kinda
OK, now that we have come down to publishing the who's who in the network
community... I'd like to take advantage of this great opportunity to pose a
question. Since M$ came out with PPTP and had it incorporated into their
server products, why did they migrate to IPSEC on Win2k? Is the fact that
Jason Costomiris writes:
> On Sunday, February 2, 2003, at 03:41 PM, Dick St.Peters wrote:
> >
> > A DMZ with RFC1918 private-IP-space addressing? I'll grant that's
> > imaginative ... kinda useless though.
>
> Useless? Hardly. Most ISPs aren't handing out lots of IP space,
> particularly to
On Sun, 2003-02-02 at 14:41, Dick St.Peters wrote:
> Jason Costomiris writes:
> > On Saturday, February 1, 2003, at 09:31 PM, Dick St.Peters wrote:
>
> > > Oh ye of little imagination ... start with the obvious case: two NICs
> > > on the gateway, one in net2, the site's DMZ, another in net3, it
On Sunday, February 2, 2003, at 03:41 PM, Dick St.Peters wrote:
A DMZ with RFC1918 private-IP-space addressing? I'll grant that's
imaginative ... kinda useless though.
Useless? Hardly. Most ISPs aren't handing out lots of IP space,
particularly to small customers these days. You do NAT fo
Jason Costomiris writes:
> On Saturday, February 1, 2003, at 09:31 PM, Dick St.Peters wrote:
> > Oh ye of little imagination ... start with the obvious case: two NICs
> > on the gateway, one in net2, the site's DMZ, another in net3, its
> > internal network. Aggregate that one.
>
> Well, I'm s
On Sunday, February 2, 2003, at 11:36 AM, Larry Brown wrote:
I would like to see RedHat pick up this software for inclusion to its
distros. The hardest part of implementing FreeSWAN is the installation.
Configuration is not bad at all.
It's not even hard to install at this point! Take a lo
My mentioning FreeSWAN was just to let the original list user know the fact
that it is a solid option. It is not as easy as most to install but after
being familiar with how it works and how to add/remove tunnels to subnets,
it is highly configurable. Plus the fact that you can add/remove tunnels
On Saturday, February 1, 2003, at 09:31 PM, Dick St.Peters wrote:
Jason Costomiris writes:
On Saturday, February 1, 2003, at 03:17 PM, Dick St.Peters wrote:
net1 <--> net2/net3
This requires good network planning.
No, this requires planning your network around IPsec, which is not the
s
Jason Costomiris writes:
> On Saturday, February 1, 2003, at 03:17 PM, Dick St.Peters wrote:
>
> >> net1 <--> net2/net3
> >>
> >> This requires good network planning.
> >
> > No, this requires planning your network around IPsec, which is not the
> > same thing as good network planning. Other VP
On Saturday, February 1, 2003, at 03:17 PM, Dick St.Peters wrote:
net1 <--> net2/net3
This requires good network planning.
No, this requires planning your network around IPsec, which is not the
same thing as good network planning. Other VPN technologies fit into
the network you have ... or
nate said:
> adapt it into my network the way I want then it won't get used. That said,
> at my last company we did deploy IPSec gateways but the only reason we did
> this was for the win32 users. IPSec/PPTP seemed to
> be the only modern (e.g. can run on newer versions of win32) VPN
> solutions at
Dick St.Peters said:
> There may be times when recommending vendor VPN solutions is
> appropriate, but in my opinion this is not one of them.
I agree. The original poster seemed to have very simple requirements.
IPSec (IMO) overcomplicates things a great deal. It's a good technology,
just too ri
Jason Costomiris writes:
> Err.. You recommend AGAINST using strong encryption?
No, of course not. I've previously posted my recommendation of
different and more convenient strong encryption - CIPE or OpenVPN.
> You've got double the number of tunnels you need. In fact, if you've
> setup the
On Friday, January 31, 2003, at 09:57 AM, Dick St.Peters wrote:
I've used FreeSWAN extensively and currently recommend against it to
my users unless they absolutely need IPSEC for some reason.
Err.. You recommend AGAINST using strong encryption?
IPSEC is considerably more complex than most
Larry Brown writes:
> I just wanted to chime in on this. FreeS/WAN is an IPSEC implementation
> that I've used a number of times and they stay up as long as the internet is
> up on both ends. From what I've read it is very strong encryption and you
> can feel pretty safe that everything is encryp
, 2003 7:14 PM
To: [EMAIL PROTECTED]
Subject: More VPN info
I appreciate all the prompt replies with lots of great info. Here's a
little more information about what we're trying to do. We want to use it
to link a remote branch office with our main office, there's a network on
both
I appreciate all the prompt replies with lots of great info. Here's a
little more information about what we're trying to do. We want to use it
to link a remote branch office with our main office, there's a network on
both ends so we need it to be up all the time. There won't be any users of