
Re: Modefg considered harmful



-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Van" == Van Aken Dirk <VanAkenD@thmulti.com> writes:
    Van> Have you thought about the following situation?

    Van> RemoteOfficeLAN-----SmallIPSecGW-----LargeIPSecGW-----CentralOfficeLAN

    Van> The following parameters are configured on the SmallIPSecGW:

  This is out of scope.

  SmallIPsecGW should run a DHCP relay, and tunnel the packets through the
VPN to the CentralOfficeLAN's DHCP server.

  The only "difficulty" is that the IP addresses provided to the
RemoteOfficeLAN will need to either fit into the existing tunnel that
SmallIPsecGW has, or that SmallIPsecGW should have a somewhat "wide" policy
for all communication from RemoteOfficeLAN<->CentralOfficeLAN, and use
per-host keying to create new LANs.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

-----END PGP SIGNATURE-----