Firewall Wizards mailing list archives

RE: VPN options not export restricted


From: "Geldenberg, Aleksandr" <ag60179 () imcnam sbi com>
Date: Wed, 15 Jul 1998 08:23:13 -0400

Hello, Lyndon

The biggest show stopper for us in using the FW-1 SecuRemote solution was the
fact that clients use the firewall's management station as a certificate authority
to verify the firewall's public key.  Therefore, the management station should
be seen by remote clients, who, in your case, are coming from the Internet.
The easy solution is to combine the management station with the gateway and put
them on a DMZ.  But it can lead to a greater risk of compromising this box and
grabbing control over the management station.  Plus, the DMZ with the management
station should be routable to other DMZs where you have just inspecting
gateways managed by this station.

I tried to play with NAT, but I believe there is no way to tell the SecuRemote
client what the address of the management station is.  The address of the management
station is sent to a client together with the encryption domain.

For now, I could not find any usefulness in SecuRemote.  A lot of people will
probably oppose my opinion.

I am testing VTCP/Secure by InfoExpress right now.  So far I have found this VPN
solution much friendlier and more useful than other ones.  It employs
exportable DES encryption as well as the domestic one.

Regards,

Alex

-----Original Message-----
From: Lyndon David [SMTP:lyndond () sentinet co uk]
Sent: Tuesday, July 14, 1998 9:06 AM
To:   firewall-wizards
Subject:      VPN options not export restricted

Hi,

I have a requirement to form an encrypted link from some laptops back to
a central dial-in box. I absolutely don't want to be constrained by any
export key lengths and preferably want something like triple DES. The
laptops will be running either NT or 95.

Other than SecuRemote for Firewall-1, which integrates nicely into such
solutions and which I know about, and discounting unsupported roll-your-own
solutions, can anyone point me in the direction of some appropriate
products to do this?

Thanks

--
Lyndon David   Internet and Intranet development
Sentinet Ltd   http://www.sentinet.co.uk
