Security Basics mailing list archives
IPsec problems/ideas.
From: Zep <zep () nemesis mmind net>
Date: Tue, 15 Oct 2002 12:06:07 -0500
Not sure which mail lists this is most appropriate to, so I'll just try the 'basic' for now.

I'm running into a bit of a problem: I have a configuration of machines in a DMZ and those on the inner protected network. I want to be able to send data back through the firewall for things like LDAP lookup, but I want it encrypted. I've been poking at IPsec for this, because (from what I've read) I can seamlessly poke it into the conversation and all is encrypted, and I can configure it to just encrypt the traffic that I'm worried about.

The problem that I'm running into is that since IPsec encrypts the TCP header, the firewall can't see that it's traffic bound for port X and thus should be allowed.

So what I'm looking for is suggestions/ideas/whatever of ways around this... I'd like something that acts like IPsec but just encrypts the data part of the packet, and leaves the rest of the header alone.

Thanks in advance for any suggestions. Not sure if it's relevant, but this is all on Solaris 8 based machines.

--
- Zep (zep () nemesis mmind net)
Traveling through hyperspace ain't like dusting crops, boy.
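The visibility problem described in the post above, as an added example that is not part of the original message: a Python sketch of what a stateless packet filter can read from a plain TCP packet to port 389 versus the same segment carried in ESP transport mode. The addresses, ports, SPI value and payload bytes are constructed, and random bytes stand in for the ciphertext.

```python
import os
import struct

def ipv4_header(proto, payload_len, src="192.0.2.10", dst="198.51.100.20"):
    """Minimal 20-byte IPv4 header (checksum left at 0; irrelevant here)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                       0, 0, 64, proto, 0, addr(src), addr(dst))

def tcp_segment(sport, dport, data=b""):
    """Minimal 20-byte TCP header (PSH|ACK) followed by application data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1,
                       5 << 4, 0x18, 65535, 0, 0) + data

def esp_transport(spi, seq, inner):
    """ESP transport mode: SPI and sequence number stay in the clear; the
    TCP header, data and ESP trailer are encrypted (random bytes here)."""
    return struct.pack("!II", spi, seq) + os.urandom(len(inner) + 14)

def filter_view(packet):
    """Fields a packet filter can match on without any keys."""
    ihl = (packet[0] & 0x0F) * 4      # IP header length in bytes
    proto = packet[9]                 # IP protocol number
    body = packet[ihl:]
    if proto == 6:                    # TCP: ports are readable
        sport, dport = struct.unpack("!HH", body[:4])
        return {"proto": "tcp", "sport": sport, "dport": dport}
    if proto == 50:                   # ESP: only SPI and sequence number
        spi, seq = struct.unpack("!II", body[:8])
        return {"proto": "esp", "spi": spi, "seq": seq}
    return {"proto": proto}

def build_samples():
    """Constructed sample: one LDAP-bound segment, plain and ESP-wrapped."""
    ldap = tcp_segment(40000, 389, b"constructed LDAP bytes")
    plain = ipv4_header(6, len(ldap)) + ldap
    esp = esp_transport(0x1000, 1, ldap)
    protected = ipv4_header(50, len(esp)) + esp
    return plain, protected

if __name__ == "__main__":
    plain, protected = build_samples()
    print("plain    :", filter_view(plain))
    print("protected:", filter_view(protected))
```

For the ESP packet the filter is left with the IP addresses, protocol number 50 and the SPI as the only fields a rule can match on.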
Current thread:
- IPsec problems/ideas. Zep (Oct 16)
- <Possible follow-ups>
- RE: IPsec problems/ideas. Naman Latif (Oct 17)
- RE: IPsec problems/ideas. Jordan Hrycaj (Oct 21)