Date: Fri, 07 Jan 2000 12:17:53 -0800 From: Gregory Carvalho <GregoryC@stcinc.com> To: FreeBSD-Security@FreeBSD.ORG Subject: Re: Configuration Validation Request Message-ID: <387649F1.1B977740@stcinc.com> References: <38760B2F.1044E20D@stcinc.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Gregory Carvalho wrote: > > I have a scenario which requires IPSec, but the packets must transgress > a Microsoft Windows NT 4.0 Server running PPTP. I would like to use the > Kame IPSec package on FreeBSD 3.3R as in the diagram below. I envision > the sequence being Farside's PoPToP establishing a connection with > OutOfMyHands's PPTP, then IPSec riding that tunnel and cruising right > past OutOfMyHands to ServerSide's IPSec. Please comment on the validity > of this configuration. Clarification: Hosts connected to Farside (which is acting as firewall/gateway) attempt to talk to hosts connected to ServerSide (which is acting as firewall/gateway), so I desire for all traffic between FarSide and ServerSide to be ESP with authentication. OutOfMyHands does not contain IPSec. > > ------------------- /\ ------------------- > | FreeBSD 3.3R | / \ | WinNT4S | > | Name: FarSide | / \ | Name: OutOfMyHands| > | IPSec (Kame) | \Inet/ | MS Proxy | > | PoPToP |____\__/____| PPTP |__ > ------------------- \/ ------------------- | > | > | > ------------------- | > | FreeBSD 3.3R | | > | Name: ServerSide | | > | | | > | IPSec |__| > ------------------- > Cordially, Gregory Carvalho GregoryC@stcinc.com Simplified Technology Company http://www.stcinc.com In God I Trust! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?387649F1.1B977740>