RE: IPsec problems/ideas.

["Naman Latif" <naman.latif () inamed com>]

I am not sure, if Solaris supports it. If I remember correctly, using
IPSec in "Transport" mode instead of "Tunnel", would only Encrypt the
Payload and not the Packet Header. However you will then have to make
sure that the addresses in the Header Field are Public and Routable
through Internet.

Regards \\ Naman


> -----Original Message-----
> From: Zep [mailto:zep () nemesis mmind net] 
> Sent: Tuesday, October 15, 2002 10:06 AM
> To: security-basics () securityfocus com
> Subject: IPsec problems/ideas.
>
>
>
>
>       Not sure which mail lists this is most appropriate to, 
> so I'll just try the 'basic' for now.  I'm running into a bit 
> of a problem, I have a configuration of machines in a DMZ and 
> those on the inner protected network.  I want to be able to 
> send data back through the 
> firewall for things like ldap lookup, but I want it encrypted.
>
>       I've been poking at ipsec for this, because (from what 
> I've read), I can seamlessly poke it into the conversation 
> and all is encrypted.  and I can configure it to just encrypt 
> the traffic that I'm worried about.
>
>       The problem that I'm running into is that since IPsec 
> encrypts the TCP header, so the firewall can't see that it's 
> traffic bound for 
> port X and thus should be allowed.
>
>       So what I'm looking for is suggestions/ideas/whatever 
> of ways around this... I'd like something that acts like 
> ipsec but just encrypts the data part of the packet, but 
> leaves the rest of the header alone.
>
> Thanks in advance for any suggestions.   Not sure if it's 
> relevant, but
> this is all on Solaris 8 based machines.
> -- 
>                                              - Zep
>                                       (zep () nemesis mmind net)
>
> Traveling through hyperspace ain't like dusting crops, boy.