'RE: ipsec security and vpn stuff'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vpn
Subject:    RE: ipsec security and vpn stuff
From:       "David Bovee" <dbovee () nw ! verio ! net>
Date:       1998-08-12 0:20:21
[Download RAW message or body]

This post has too many unrelated questions.

> heard in the list last about the ipsec etc and vpn. please explain the
> following staement.
>
> "the vpn server talks ipsec and need not necessarily be placed behind a
> firewall."

This question really isn't very detailed--what do you *NEED* to know?

If you are running an NT server with an IPSec stack (not saying that it
exists), would you trust it in front a firewall?


> another question:
> say two sites want a secured connectivity for data integrity, user
          ^^^^^

	You have defined your answer before you asked your question. If both
complete *sites* want a VPN to each other and the sites are relatively large
in number (probably over 5 users each), it probably makes more sense to use
branch office VPN. However, there are downsides, perhaps user authentication
at Site A VPN server cannot be passed to a host on Site B, which could be
unacceptable.

> let us refer to the checkpoint firewall which has VPN capability
> implemented.
> so if we were to use the checkpoint at our end as a vpn server then at
> the
> other end another vpn server would be needed ?

My understanding is, you could use:
1) checkpoint clients on each client requiring VPN access
2) a checkpoint box at the remote site (probably best bet)
3) an interoperable VPN box at the remote site (probably a long shot at this
point)



--David Bovee, MCSE                 Verio Northwest
Security Engineer                   15400 SE 30th Place, Suite 202
mailto:dbovee@nw.verio.net          Bellevue, WA  98007
(425) 649-7466                      USA

****************************************************************
TO POST A MESSAGE on this list, send it to vpn@listserv.iegroup.com

We are currently experiencing "unsubscribe" difficulties.  If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn@listserv.iegroup.com

****************************************************************

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic