Firewall Wizards mailing list archives

Re: IPv6 and IPSec


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Sat, 28 Aug 2004 05:22:32 +0530

On 26/08/04 13:47 -0700, suren wrote:
Hi,
   IPSec based security is a MUST for IPv6. Due to this, I would 
   assume that end systems would use IPSec to secure the traffic 
   going out. 

   Quite a number of times, organizations would like to filter out 
   the connection (Firewall), run the data through centralized virus
   scanning/spam scanning engines. This requires clear traffic. 

   With respect to these, I have questions on how the deployments 
   are going to be. One type of deployment I can think of is:

         Central gateway implementing Firewall/Virus Scanning 
         engine and also terminating IPSec tunnels from local PCs and
         creating tunnels from the gateway to ultimate destination. 
         By doing this, the gateway gets hold of clear packets, can
         apply firewall rules, scan and any other operations.

Too complex. IPSec will not be a tunnel in IPv6. What you have referred
to above, is just an ALG. Just ask Marcus :)

    What other types of deployments would be required/considered by 
    organizations having IPv6 networks?

Broken ones? Where simple packet filtering will continue to be used, and
then they will throw good money at IPS rather than using the firewall
for what it was designed to do.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

