Security Basics mailing list archives
RE: IPsec problems/ideas.
From: "Naman Latif" <naman.latif () inamed com>
Date: Wed, 16 Oct 2002 11:20:05 -0700
I am not sure if Solaris supports it. If I remember correctly, using IPSec in "Transport" mode instead of "Tunnel" would only encrypt the payload and not the packet header. However, you will then have to make sure that the addresses in the header field are public and routable through the Internet.

Regards
Naman
-----Original Message-----
From: Zep [mailto:zep () nemesis mmind net]
Sent: Tuesday, October 15, 2002 10:06 AM
To: security-basics () securityfocus com
Subject: IPsec problems/ideas.

Not sure which mail lists this is most appropriate to, so I'll just try the 'basic' for now.

I'm running into a bit of a problem. I have a configuration of machines in a DMZ and those on the inner protected network. I want to be able to send data back through the firewall for things like ldap lookup, but I want it encrypted.

I've been poking at ipsec for this, because (from what I've read) I can seamlessly poke it into the conversation and all is encrypted, and I can configure it to just encrypt the traffic that I'm worried about.

The problem that I'm running into is that since IPsec encrypts the TCP header, the firewall can't see that it's traffic bound for port X and thus should be allowed.

So what I'm looking for is suggestions/ideas/whatever of ways around this... I'd like something that acts like ipsec but just encrypts the data part of the packet, but leaves the rest of the header alone.

Thanks in advance for any suggestions. Not sure if it's relevant, but this is all on Solaris 8 based machines.

--
- Zep (zep () nemesis mmind net)
Traveling through hyperspace ain't like dusting crops, boy.
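
Added example, not part of the original thread: a Python sketch of what a packet filter can read from a plain TCP packet to the LDAP port versus an ESP transport-mode packet between the same two hosts, and how a port-based rule and a protocol-50 rule treat each. The addresses, the SPI, the opaque stand-in for ciphertext and the two rule functions are constructed for illustration.

```python
import ipaddress
import struct

PROTO_TCP, PROTO_ESP = 6, 50  # IANA-assigned IP protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def firewall_view(packet):
    """Fields a packet filter can read without holding any IPsec keys."""
    ihl = (packet[0] & 0x0F) * 4
    body = packet[ihl:]
    view = {"src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20])),
            "proto": packet[9], "dst_port": None, "spi": None, "seq": None}
    if view["proto"] == PROTO_TCP:
        view["dst_port"] = struct.unpack("!H", body[2:4])[0]
    elif view["proto"] == PROTO_ESP:
        # ESP header: 32-bit SPI, 32-bit sequence number, then ciphertext.
        # In transport mode the TCP header sits inside that ciphertext.
        view["spi"], view["seq"] = struct.unpack("!II", body[:8])
    return view

def port_rule(view, port=389):
    """Hypothetical rule: allow TCP to the LDAP port."""
    return view["proto"] == PROTO_TCP and view["dst_port"] == port

def esp_rule(view, src, dst):
    """Hypothetical rule: allow ESP between two named hosts only."""
    return view["proto"] == PROTO_ESP and (view["src"], view["dst"]) == (src, dst)

# Constructed sample data (documentation addresses, made-up SPI).
DMZ_HOST, INNER_HOST = "192.0.2.10", "198.51.100.5"
TCP_SEGMENT = struct.pack("!HHIIBBHHH", 40000, 389, 1, 0, 0x50, 0x02, 8192, 0, 0)
PLAIN_PKT = ipv4_header(DMZ_HOST, INNER_HOST, PROTO_TCP, len(TCP_SEGMENT)) + TCP_SEGMENT
# Stand-in for ciphertext: opaque bytes, not real encryption.
OPAQUE = bytes((i * 7 + 13) & 0xFF for i in range(len(TCP_SEGMENT) + 12))
ESP_BODY = struct.pack("!II", 0x1000, 1) + OPAQUE
ESP_PKT = ipv4_header(DMZ_HOST, INNER_HOST, PROTO_ESP, len(ESP_BODY)) + ESP_BODY

if __name__ == "__main__":
    for name, pkt in (("plain TCP", PLAIN_PKT), ("ESP transport", ESP_PKT)):
        v = firewall_view(pkt)
        print(name, v, "port_rule:", port_rule(v),
              "esp_rule:", esp_rule(v, DMZ_HOST, INNER_HOST))
```
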
Current thread:
- IPsec problems/ideas. Zep (Oct 16)
- <Possible follow-ups>
- RE: IPsec problems/ideas. Naman Latif (Oct 17)
- RE: IPsec problems/ideas. Jordan Hrycaj (Oct 21)