A user e-mailed me off-list some time ago to let me know that racoon works with the latest firmware but you must use sha1 as the hash_algorithm in the remote//proposal section, whereas previously, md5 was okay.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Andreas v. Heydwolff Sent: Wednesday, August 14, 2013 4:02 AM To: [email protected] Subject: Re: [SunRay-Users] SRS + Firewall + TC: port question On 2013-08-14 00:36, Jim Klimov wrote: > On 2013-08-13 23:42, Nishimura, Scott L (ESS) wrote: >> Is there a way I can specify which port the communication goes over, >> increasing my chances that my Information Security team will approve >> the FW rule request? > > One thing you can do, and security people might be happy about, is > setting up a VPN (Cisco ASA, Linux/Raccoon, etc.), which the SR2 and > newer clients can directly log into. Racoon does not work any more with newer versions of SRSS. This is one of the reasons why I decided to use ThinLinc. During my last year's trial of a then recent SRSS I had to acknowledge that the IPSEC authentication mode had been changed to another protocol that is not racoon compliant. BTW, I have a brand new Cisco ASA505 or some such for sale that during this trial I had already purchased, but I never went throught the pains of configuring it. Please email me privately if you want confirmation about the type and perhaps buy it (I'm located in Austria, Europe). Best regards, Andreas v. Heydwolff _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
