[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: VPN<->Firewall

To: Nishant Mishra <nxmishra@yahoo.com>
Subject: Re: VPN<->Firewall
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Mon, 08 Nov 1999 12:01:25 -0500
cc: ipsec@lists.tislabs.com
In-reply-to: Your message of "Sat, 06 Nov 1999 03:22:33 PST." <19991106112233.9514.rocketmail@web1705.mail.yahoo.com>
Sender: owner-ipsec@lists.tislabs.com


>>>>> "Nishant" == Nishant Mishra <nxmishra@yahoo.com> writes:
    Nishant>    Can any one elaborate what interaction is
    Nishant> required between a VPN software and Firewall?
    Nishant> Apart from keeping holes in Firewall for
    Nishant> VPN channels are there any interaction required ?

  Ideally you don't poke holes in the firewall randomly. The firewall
gets to continue auditing if desired. You support IPsec for gateway-gateway,
and client-gateway work, and you provide that a connection (telnet, http,
etc.) that comes in protected by IPsec will be accorded increased priveledges 
by any higher layer proxies than if it wasn't protected by IPsec. (What that
means is up to the admin)

]                   At IETF46 in Washington, DC                 |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

References:

VPN<->Firewall

From: Nishant Mishra <nxmishra@yahoo.com>

Prev by Date: RE: VPN<->Firewall
Next by Date: iaPCBC design
Prev by thread: RE: VPN<->Firewall
Next by thread: Re[2]: Main mode using pre-shared keys
Index(es):
- Main
- Thread