nanog mailing list archives

Re: IPSectarianism


From: <mdevney () teamsphere com>
Date: Tue, 16 Jan 2001 22:14:48 -0800 (PST)


On Tue, 16 Jan 2001, Dave Wardle, Critical Networks, Inc. wrote:

> Date: Tue, 16 Jan 2001 18:48:31 -0800 (PST)
> From: "Dave Wardle, Critical Networks, Inc." <dave () criticalnets com>
> To: nanog () merit edu
> Subject: IPSectarianism
>
>
> Is anyone on the list aware of Service Providers (ISP/NSP...) who DO
> block IPsec traffic, with or without informing their customers or peers?

I used to work for an ISP (http://www.pilot.net) who blocked *all* traffic
except that specifically asked for, in the interests of security.  This
was spelled out in the sales contract, and in fact was a prime selling
point.  (I opened a lot of pinholes in a lot of firewalls for IPsec.)  I
imagine there are other ISPs who do the same.  

From a customer standpoint, where I am now, I would never sign on with an
ISP/NSP who filtered *any* traffic.  I can manage my own firewall, thank
you very much.[1]  I pay them for network access, to get my packets from
me to elsewhere and back, not to be my guardians.  

> I'm trying to assess the pros and cons of major Enterprise Customers
> basing their entire remote office/small office/mobile network access
> strategy on some type of IPsec based VPN solution.

I've been very happy with Cisco's IPsec VPNs from PIX to PIX.  They're
reasonably stable, very easy to set up, and since I'm not the one paying
12 grand + for what amounts to a 2-year-old desktop box running modified
IOS, their price is right.  Oftentimes clients simply say "Cisco?  Cool,
here's some money."  Only caveat being, you really need the failover.  

Mobile, I can't help you, sorry.


> Any thoughts?
>
> Cheers
> Dave
>
> -------
> Dave Wardle, Principal Consultant
> Critical Networks, Inc.
> -------
> Email:    dave () criticalnets com
> Homepage: www.criticalnets.com
> -------
> Cell:     831 332 1021
> Tel:      831 662 1710
> Fax:      831 662 1710
> -------


[1] Please no snide comments about my current provider, I am not too
pleased with them for exactly the reason you're thinking and am discussing
other options with my supervisor.


