Security Basics mailing list archives

IPsec problems/ideas.


From: Zep <zep () nemesis mmind net>
Date: Tue, 15 Oct 2002 12:06:07 -0500



        Not sure which mail lists this is most appropriate to, so I'll
just try the 'basic' for now.  I'm running into a bit of a problem:
I have a configuration of machines in a DMZ and those on the inner
protected network.  I want to be able to send data back through the
firewall for things like LDAP lookup, but I want it encrypted.

        I've been poking at IPsec for this, because (from what I've
read), I can seamlessly poke it into the conversation and all is
encrypted, and I can configure it to just encrypt the traffic that I'm
worried about.

        The problem that I'm running into is that since IPsec encrypts
the TCP header, the firewall can't see that it's traffic bound for
port X and thus should be allowed.

        So what I'm looking for is suggestions/ideas/whatever of ways
around this... I'd like something that acts like IPsec but just encrypts
the data part of the packet, but leaves the rest of the header alone.

Thanks in advance for any suggestions.   Not sure if it's relevant, but
this is all on Solaris 8 based machines.
-- 
                                             - Zep
                                      (zep () nemesis mmind net)

Traveling through hyperspace ain't like dusting crops, boy.
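
The situation described in the post, as an added example that is not part of the original message: what a port-filtering firewall can read from a cleartext LDAP packet versus the same TCP segment carried inside ESP. The addresses, SPI, source port, payload bytes and the XOR stand-in for encryption are all constructed assumptions.

```python
import struct

PROTO_TCP, PROTO_ESP = 6, 50

def ipv4(proto, payload):
    """Minimal IPv4 header + payload (constructed; documentation addresses, checksum 0)."""
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def tcp_segment(sport, dport, data=b""):
    """Minimal 20-byte TCP header (SYN flag set) followed by data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02,
                       8192, 0, 0) + data

def esp_wrap(spi, seq, inner):
    """ESP transport-mode layout: SPI, sequence number, then opaque bytes.
    The XOR is only a stand-in for real encryption."""
    return struct.pack("!II", spi, seq) + bytes(b ^ 0xA5 for b in inner)

def firewall_view(packet):
    """Fields a port-filtering firewall can read without any keys."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if proto == PROTO_TCP:
        _sport, dport = struct.unpack("!HH", body[:4])
        return {"proto": proto, "dst_port": dport}
    if proto == PROTO_ESP:
        spi, seq = struct.unpack("!II", body[:8])
        return {"proto": proto, "dst_port": None, "spi": spi, "seq": seq}
    return {"proto": proto, "dst_port": None}

def port_rule_allows(packet, port=389):
    """A rule of the form 'allow TCP to <port>' (389 = LDAP)."""
    view = firewall_view(packet)
    return view["proto"] == PROTO_TCP and view["dst_port"] == port

# Constructed sample traffic: one LDAP-bound segment, sent clear and inside ESP.
segment = tcp_segment(40000, 389, b"constructed LDAP bind bytes")
CLEAR = ipv4(PROTO_TCP, segment)
PROTECTED = ipv4(PROTO_ESP, esp_wrap(0x1000, 1, segment))

if __name__ == "__main__":
    for name, pkt in (("cleartext", CLEAR), ("ESP", PROTECTED)):
        print(name, firewall_view(pkt), "allowed:", port_rule_allows(pkt))
```

For the ESP packet the firewall is left with the endpoint addresses, IP protocol 50, the SPI and the sequence number, so a rule keyed on a TCP port never matches it.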

