Re: Modefg considered harmful

[Michael Richardson <mcr@sandelman.ottawa.on.ca>]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Scott" == Scott G Kelly <scott@bstormnetworks.com> writes:
    Scott> Michael Richardson wrote:
    >> 
    >> -----BEGIN PGP SIGNED MESSAGE-----
    >> 
    >> >>>>> "Van" == Van Aken Dirk <VanAkenD@thmulti.com> writes:
    Van> Have you thought about following situation ?
    >> 
    Van> RemoteOfficeLAN-----SmallIPSecGW-----LargeIPSecGW-----CentralOfficeLAN
    >> 
    Van> Following parameters are configured on the SmallIPSecGW:
    >> 
    >> This is out of scope.

    Scott> Why is this out of scope? This is a common remote access scenario for
    Scott> deployments utilizing personal sgw's at the remote end.

  Because a) it is solveable already using existing specifications.
	  b) it has nothing to do with configuring an IPsec client. It is
	  about configuring clients that are behind IPsec gateways.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPj795IqHRg3pndX9AQE2EwP+PLW/0KqhC2v2KFGKvKB4/yOwGASsf1HW
EJyWtb0kUuUGLArnJQmDxMVNxe56BJxLKKEolUyLi1Qpo/EhoV4wAIfTX9FGAt9C
3h2/9WcPTZvJaGxPxdrgr8RUA+6GMAvFBNLdoUyjl7UybLWgJRT+wacebmw3UsO+
UU3IgiU6NW4=
=vPqE
-----END PGP SIGNATURE-----