VPN's (fwd)

Jose Muniz Munix-1 at PACBELL.NET
Fri Feb 25 23:20:52 EST 2000


Hello guys,

Well, yes, I agree with Neil, there is no way for you to sniff or probe the
IPSec traffic and get some nice reporting and/or accounting [monitoring]
either.
It is only possible to tell the source and destination, which won't do you
any good because it will be gateway a and gateway b.
Terminate the tunnel on a DMZ, preferably off the firewall, and you will be
able to filter and stuff at the firewall; the sources will be the real
sources, as well as the destinations. They will practically be just regular
L3 traffic that you can shape and monitor, taste and smell..

Yours, Jose Muniz.

>
> You can't evaluate encrypted packets.  A common solution is to put the VPN
> endpoint on a DMZ (or the firewall itself) so that the firewall can see the
> decrypted packets.  If you are really careful, then you re-encrypt them and
> send them on.
> Neil
>
> At 15:30 02/22/00 -0500, MARC A KURTZ wrote:
> >Has anyone ever come up with a solution for this problem ( in particular
> >from windows to linux )?
> >
> >i.e. How can we authenticate that the data going over the encrypted tunnel
> >is legitimate?
>
> VPN is sponsored by SecurityFocus.COM
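
The point made in this thread, as an added example that is not part of the original messages: what a firewall can read from a tunnel-mode ESP packet between the gateways versus the same traffic after the tunnel is terminated. The addresses, SPI, ports and function names are constructed for illustration, and zero bytes stand in for the ciphertext.

```python
import ipaddress
import struct

ESP, TCP, UDP = 50, 6, 17  # IP protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def visible_fields(packet):
    """Return what a firewall or sniffer can read from one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    info = {"src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20])),
            "proto": proto}
    body = packet[ihl:]
    if proto == ESP and len(body) >= 8:
        # Only the SPI and sequence number are in the clear; the rest is ciphertext.
        info["spi"], info["seq"] = struct.unpack("!II", body[:8])
        info["opaque_bytes"] = len(body) - 8
    elif proto in (TCP, UDP) and len(body) >= 4:
        info["sport"], info["dport"] = struct.unpack("!HH", body[:4])
    return info

# Constructed sample data (documentation address ranges, made-up SPI).
GATEWAY_A, GATEWAY_B = "192.0.2.1", "198.51.100.1"
inner_tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 8192, 0, 0)
inner = ipv4_header("10.1.0.25", "10.2.0.7", TCP, len(inner_tcp)) + inner_tcp

# Stand-in for ESP encryption: filler bytes of plausible length, since the
# monitor cannot read the inner packet either way.
ciphertext = bytes(len(inner) + 16)
esp = struct.pack("!II", 0x1000, 7) + ciphertext
on_the_wire = ipv4_header(GATEWAY_A, GATEWAY_B, ESP, len(esp)) + esp

if __name__ == "__main__":
    print("between gateways:", visible_fields(on_the_wire))
    print("after tunnel end:", visible_fields(inner))
```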
