At 14:44 10.06.2003 -0400, Keenan Smith wrote the following to me:
->All,
->
->Given a single user in a single location with a static IP, besides
->encryption, what would be the difference between using a VPN to connect to
->the corporate network vs. changing the routing to make the corporate network
IF they're only one hop away from the corporate network, then
all the VPN buys you is confidentiality from snoopers on that
segment (which, in some applications, could be important).
David Gillett
> -Original Message-
> From: Keenan Smith [mailto:[EMAIL PROTECTED]
> Sent: June 10, 2003
Routing will only work if the end-user has a direct physical link to the
corporate network. Somehow the traffic must get from the end-user's
workstation to the corp network. If they are on broadband, for
instance, the packets would have to go to the local hardware (DSLAM,
etc), through the provi
VPN = Encryption
Static Route = no Encryption.
>
> -Original Message-
> From: Keenan Smith [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 10, 2003 2:44 PM
> To: [EMAIL PROTECTED]
>
> All,
>
> Given a single user in a single location with a static IP, besides
> encryption, what would
Try setting up the VPN using SSH. It's a simple and cost-effective way.
DRajesh
- Original Message -
From: "Aman Raheja" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 05, 2003 10:57 AM
Subject: VPN using Redhat Linux 8.0
> Hi All
> Here's the scenario:
> I have a
On Wed, 5 Feb 2003 12:57:51 -0600, "Aman Raheja"
<[EMAIL PROTECTED]> wrote:
>I have a LAN at office (Win XP Prof, Slackware Linux, Redhat Linux 8.0)
>connected to the outside world with a router.
>RH Linux server has samba installed and configured.
>I want to set up a VPN so that I can access the
Hi Aman,
You have many many options.
My personal preference is to set up an IPSec tunnel between your
external router at work and your home computer. Remember IPSec cannot
pass through a NAT, so if you have a NAT at home you would have to
tunnel nat-nat.
But SSH can also be used to do port f
Hello Aman,
You can use one of the following:
1 - Freeswan (IPSEC)
You can download IPsec at http://www.freeswan.org/. There's RPMs for
RedHat 8.0, and you'll not need to rebuild your kernel.
2 - CIPE
CIPE comes with Redhat linux. It's ver
I've used freeswan to connect our local office to the one in Singapore
and mine at home. I highly suggest reading all of the documentation
before just diving in as it can be difficult to setup at times. Be sure
to have debugging turned up as it helps out a lot when trying to find
problems.
http://
Use the IPSEC built in to the product, is good, standards based, free and
reliable. Can also use x.509v3 certs for authentication instead of
passwords.
> -Original Message-
> From: Paul Kurczaba [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 24, 2003 6:50 PM
> To: [EMAIL PROTECTED]
>
IL PROTECTED]]
Sent: Friday, January 24, 2003 10:48
To: Paul Gaskin; '[EMAIL PROTECTED]'
Subject: Re: RE: VPN & PPPoE
I don't know if Windows supports MTU discovery but I recommend looking at
Microsoft.com (I tried but my workstation keeps locking up when I do).
MTU di
From: "Paul Kurczaba" <[EMAIL PROTECTED]>
Does anyone know of a good, secure, reliable VPN for Windows 2000 that
is cheap and uses high encryption?
Is there something you don't like about the built-in one?
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Cutting the space budg
If you have already bought Win2K then I would go with L2TP
If you want cheap (free, are doing this for an entire network, and are not opposed to
Linux then check out http://www.freeswan.org/
Patrick S. Harper | CISSP MCSE
[EMAIL PROTECTED]
www.Int
ecord={403}&softpage=IKW_ENU_JDocView
-Original Message-
From: MacFerrin, Ken
Sent: Thursday, January 23, 2003 4:57 PM
To: 'Paul Gaskin'
Cc: '[EMAIL PROTECTED]'
Subject: RE: VPN & PPPoE
Paul,
Given you're dealing with the Linksys I would try their method and check the firmw
o&record={408}&softpage=IKW_ENU_JHitList
Also, here's the recommended values on the windows side:
http://www.winguides.com/registry/display.php/280/
-Ken
-Original Message-
From: Paul Gaskin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 21, 2003 9:27 AM
To: 'Keith T
> We used one in the Microsoft Knowledge Base and came up with an MTU of 1366
> and this didn't seem to do the trick.
> Also, we had a concern with setting the MTU really low. How is this going to
> affect the way other files get transferred?
I have read somewhere that MTU lower than 1408 can sta
Paul Gaskin wrote:
I am new to the list and I'm not sure if this even falls into this category
but I'm getting desperate!
We have set up a VPN and it seems to work fine everyone can log on and move
around the network and send and receive email.
One person though... on a DSL using PPPoE can not
Paul,
Can your user connect to via VPN at all?? We have
seen issues with the Linksys wireless and Cisco VPN,
but our issue was the user could authenticate but that
was the end of it. No routing redirection would take
place on the client once connected.
Our solution was to disable IPSEC passthrou
erred?
Will setting the MTU lower affect the speed of the DSL (surfing the web,
downloading files)?
Thanks
Paul
-Original Message-
From: Keith T. Morgan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 21, 2003 9:15 AM
To: Paul Gaskin; [EMAIL PROTECTED]
Subject: RE: VPN & PPPoE
Hi Paul,
I worked for a VPN company in the past. Check the MTU size. I think the
packet may not be making it thru both the IPSec encapsulation and the PPPoE
encapsulation. The max MTU size is 1524. IPSec adds overhead to the IP
packet (new header and extra data) and then PPPoE adds even more.
From: Paul Gaskin <[EMAIL PROTECTED]>
I am new to the list and I'm not sure if this even falls into this
category but I'm getting desperate!
We have set up a VPN and it seems to work fine everyone can log on and
move around the network and send and receive email.
One person though... on a DSL using
Paul,
I haven't had this problem before, but I would have to at least guess that the problem
is with the wireless router. Maybe it is filtering traffic or causing some other
problem. If you haven't done so already, try connecting the pc directly to the dsl and
see if that makes a difference or
From: Luan Rocha <[EMAIL PROTECTED]>
I'm configuring a server (win2000 advanced server) to provide internet for the inside network and
a VPN to do the maintaining. But I don't know why, I only can access the VPN through the inside
network, but from internet I get an error that my server is not r
Do your filters allow IP GRE and TCP PPTP traffic?
That could be blocking you.
Ted Frederick
-Original Message-
From: Luan Rocha [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 28, 2002 1:24 PM
To: Security basics
Subject: VPN
Hey,
I'm configuring a server(win2000 advanced serve
It sounds like either your router, or the Windows 2000 server is blocking
VPN traffic from outside the LAN. You need to open several ports on the
router to allow the VPN tunnel to terminate at the Windows 2000 server.
Here is a partial list:
access-list 101 permit gre any host xxx.xxx.xxx.xxx
acc
chris,
try a howto :
http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO.html
http://www.tldp.org/HOWTO/VPN-HOWTO/
they're cheap...
h
..
--- Chris Berry <[EMAIL PROTECTED]> wrote:
>
>
> I understand that VPN tunnels are a form of PKI
> encryption that
> encapsulates packets between two compu
Greetings,
Here is a good article on how to VPN in W2K:
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q308208
Cheers
Gill
-Original Message-
From: Chris Berry [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 4:31 AM
To: [EMAIL PROTECTED]
Subject: VPN Tunnels
It should not be open on the Internet side. You may want to allow the VPN's
internal IP to use netbios.
- Original Message -
From: "Doug Nedwin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 10, 2002 4:11 PM
Subject: VPN
> Is it normal for a Firewall with VPN access to
What kind of firewall?
-Original Message-
From: Martin Smith
To: [EMAIL PROTECTED]
Sent: 4/17/2002 9:03 AM
Subject: VPN Question
At my company we just installed a Microsoft VPN server outside our
network and a RADIUS server on the inside. The VPN server has a direct
link
to the
In-Reply-To: <[EMAIL PROTECTED]>
Hello all,
It is my understanding that Cisco co-wrote the IPSec
code for Windows 2000. If you want to check for
yourself go to the Windows help file for IPSec.
It is also possible to use the built-in IPSec client in
Windows 2000 and connect it with a
ot my intent. I'm
speaking only to the reality of this particular issue where MS does adhere
to the RFC and *nix OSes don't.
Brownfox
-Original Message-
From: Chris Moody [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 13, 2002 10:01 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROT
In-Reply-To:
There are two Cisco VPN Clients.
First One is for connecting to Router based (IOS)
VPNs. It does not run under 2000 or XP because
Microsoft tweaked their IPSec stack. Cisco has no
time frame on when they will support 2000 or XP.
Once configured, you
Leon,
IP-SEC -=IS=- an rfc standard. The trouble is that Micro$oft doesn't adhere
to rfc's. I presume their belief is that the entire Internet and its
communities exist _because_ of Micro$oft...therefore I guess it's justified
in their minds when they decide to "implement" some sort of
GLOBA
-Original Message-
From: leon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 12 March 2002 11:01 AM
To: 'Maxime Rapaille'
Cc: [EMA
Hi Maxime,
Microsoft's implementation of IPSec in Windows 2000 isn't (or doesn't
appear to be) a true implementation as per the standards and therefore
won't connect to a Cisco router or firewall natively. I'm not sure if MS
or Cisco are to blame for this one but I've spent countless hours with
b
Hello Maxime,
I have never gotten the cisco client to work as advertised. First
off it does not run on xp or win 2k (unless you use 3.0 and to use
3.0 you need a vpn concentrator) ((list please correct me if I am
wrong)). If you use a vpn concent
Hi Max,
Gauntlet does support IIOP proxy. I have information from a year ago
that says version 6.0 supports IIOP proxy, but not SSL secured IIOP.
Regards,
David
> -Original Message-
> From: Maxime Rapaille [mailto:[EMAIL PROTECTED]]
> Sent: Friday, March 08, 2002 3:03 AM
> To: 'Secur
you might want to check http://www.freeswan.org/
On Mon, 4 Mar 2002, Victor Usjanov wrote:
> Hello.
>
> I have been looking lately after VPN clients for Linux. We got a VPN
> server running on Windows 2000 server - the standard VPN server that comes
> with Windows installation. I found sever
You might want to take a look at Tiny Software's enterprise solution,
Securitae.
http://www.securitae.com/home/securitae?s=1791383710291873314A0&la=EN&va=&pg=prod_home
-Original Message-
From: Lariviere, Stephen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 24, 2002 10:00 AM
To: [
Try to avoid PPTP.
www.counterpane.com I believe Bruce has a nice write up of all the
vulns that go with it.
Incidentally this was discussed on this list at least twice in the
last 6 weeks.
HTH,
Leon
-Original Message-
From: Mike Carne
Just watch out I have seen cases that the clients in L2TP or IPSec mode cause issues
if running a host resident IDS or Firewall as the clients do not have a full feature
firewall embedded.
---
Regards,
On Thu, 17 Jan 2002 17:27:31
Winsley de Oliveira wrote:
>Mike
>
>
>You can use Sonicwall
ct
(pretty inexpensive), their tech support is outstanding.
laura
-Original Message-
From: Winsley de Oliveira [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 3:28 PM
To: Mike Carney; [EMAIL PROTECTED]
Subject: Re: VPN Speed
Mike
You can use Sonicwall firewall to make your V
Hello,
Using Linux or UNIX boxes for VPN is very cost-effective and will
give you high performance VPN circuits. Just like what Ivan replied below,
you could try that with Debian, or you also may want to take a look at
http://vtun.sourceforge.net. Vtun however only works between UNIX boxes
What type of VPN solution are you looking for? LAN to LAN? or PC to LAN? or both?
How many VPN tunnels do you require? How many users are behind the firewall? Depending on
the answer(s) you could look at Firewall One, Sonicwall, Watchguard, Nortel Contivity
and Cisco PIX Firewall solutions with
Cisco VPN 3000 line of products. Wide range of functionality, extensive support and
a reasonable cost range.
>>> Mike Carney <[EMAIL PROTECTED]> 01/17/02 12:53 PM >>>
Hello everyone,
I am tasked with trying to find a faster VPN solution for our company.
Currently we use Microsoft's VPN servic
For hardware VPN solutions, and price-performance I highly recommend the Netscreen
line of appliances. For lower end use, the NS5XP is excellent. I use this box
personally to connect all my VPN tunnels and remote offices.
For higher end, the NS50, 200 series, 100, 500, and 1000 are ideal!
Th
I really do not think that the encryption itself will cause a catastrophic time gain
from one to another.
You will have to get a beefier system setup or a decent hardware box that will do vpn
connections. Also, if not already done you can try segregating the VPN traffic from
generic internet/in
I have used sshd for linux and for WinNT/2K (http://sources.redhat.com) to get SSL
port forwarding. That has solved our needs and replaced the VPN services.
If you need VPN try with debian (http://www.debian.com) and install there the pptpd
(apt-get install pptpd) or any other kind of VPN servi
Mike
You can use Sonicwall firewall to make your VPN
tunnels.
Take a look at www.sonicwall.com
If you have any doubts, just ask me.
--- Mike Carney <[EMAIL PROTECTED]> wrote:
> Hello everyone,
>
> I am tasked with trying to find a faster VPN
> solution for our company.
> Currently we use
FreeSwan is what you're looking for, and you want to setup IPSec between
your box and the remote host for IP level security.
- Josh Reynolds
On Mon, 19 Nov 2001, Karel Jennings wrote:
> Hey all.. I've thought that the idea of doing VPN between my home and company
> would be great, as it would
Hi!
On Tuesday, 20 November 2001 01:07, Karel Jennings wrote:
> Hey all.. I've thought that the idea of doing VPN between my home
> and company would be great, as it would save me time running back
> and forth. Anyway, I have linux boxes as firewalls on both ends.
> I just needed to be pointed
www.freeswan.org or you can look into www.linuxsecurity.com under section
cryptology
-Original Message-
From: Karel Jennings [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 3:08 AM
To: [EMAIL PROTECTED]
Subject: Vpn howto?
Hey all.. I've thought that the idea of doing VPN be
Hi Kath,
Sorry this response is a bit lagged.
Is it wise to put a VPN in the DMZ? Most definitely, placing the VPN
device in the DMZ gives a more "insulated" layer of protection to your
internal network, giving your firewall the ability to handle incoming
traffic rules.
If I might suggest a
.. that really works"
-Original Message-
From: Jeff Miller [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 16, 2001 6:39 PM
To: [EMAIL PROTECTED]
Subject: RE: VPN
True, but tell that to the already overworked admin trying to work the bugs
out of a system that if it were frame, wou
") and those would break new things
-Original Message-
From: Pradeep Kumar [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 16, 2001 11:34 AM
To: Jeff Miller; [EMAIL PROTECTED]
Subject: RE: VPN
I beg to differ here. VPN is no rocket science
-Original Message-
From: Jeff
55 matches