[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Getting ISPs to pass IPSEC protocols 51, 50 and 4

To: ipsec@tis.com
Subject: Getting ISPs to pass IPSEC protocols 51, 50 and 4
From: Markku Savela <msa@anise.tte.vtt.fi>
Date: Thu, 14 Jan 1999 13:33:25 +0200 (EET)
Reply-to: msa@hemuli.tte.vtt.fi (Markku Savela)
Sender: owner-ipsec@ex.tis.com

This is not really technical IPSEC posting, but I just wish unburden
my mind about difficulties in testing IPSEC when ISPs and providers
have overjealous filtering on by default.

I wanted to test IPSEC connection between two points where the other
would be on a dial-up PPP, and observed

 - our own (VTT.FI) dialup lines didn't pass IPSEC (for a company
   firewall, probably a good thing by default),

Then tried two internet providers in Helsinki area that allow
anonymous dialup PPP, such that the phone line is billed by minute for
the use. I assumed that this type of connection is ideal for random
traveller and IPSEC use.

But I found that one of them didn't pass any of the IPSEC protocols
("surf" kolumbus.fi), the "Inet open" dialup lines passed the IPSEC
packets and I could complete the tests.

A small sample, but I wonder if similar problem is common globally and
whether something should be done about it, by increasing the IPSEC
awarenes and getting the blocks removed.

-- 
Markku Savela (msa@hemuli.tte.vtt.fi), Technical Research Centre of Finland
Multimedia Systems, P.O.Box 1203,FIN-02044 VTT,http://www.vtt.fi/tte/staff/msa/

Prev by Date: esp and ah introduction material
Next by Date: Re: Can ID be different than SubjectAltName field oftheCertificate
Prev by thread: esp and ah introduction material
Next by thread: ISAKMP Query
Index(es):
- Main
- Thread