Firewall Wizards mailing list archives
RE: VPN options not export restricted
From: "Geldenberg, Aleksandr" <ag60179 () imcnam sbi com>
Date: Wed, 15 Jul 1998 08:23:13 -0400
Hello, Lyndon,

The biggest show stopper for us in using the FW-1 SecuRemote solution was the fact that clients use the firewall's management station as a certificate authority to verify the firewall's public key. Therefore, the management station should be seen by remote clients, who, in your case, are coming from the Internet. The easy solution is to combine the management station with the gateway and put them on the DMZ. But it can lead to greater risk of compromising this box and grabbing control over the management station. Plus, the DMZ with the management station should be routable to other DMZs where you have just inspecting gateways managed by this station.

I tried to play with NAT, but I believe there is no way to tell the SecuRemote client what the address of the management station is. The address of the management station is sent to a client together with the encryption domain.

For now, I could not find any usefulness in SecuRemote. A lot of people will, probably, oppose my opinion. I am testing VTCP/Secure by InfoExpress right now. So far I have found this VPN solution much friendlier and more useful than the other ones. It employs exportable DES encryption as well as the domestic one.

Regards,
Alex
-----Original Message-----
From: Lyndon David [SMTP:lyndond () sentinet co uk]
Sent: Tuesday, July 14, 1998 9:06 AM
To: firewall-wizards
Subject: VPN options not export restricted

Hi,

I have a requirement to form an encrypted link from some laptops back to a central dial-in box. I absolutely don't want to be constrained by any export key lengths and preferably want something like triple DES. The laptops will be running either NT or 95.

Other than SecuRemote for Firewall-1, which integrates nicely into such solutions and which I know about, and discounting unsupported roll-your-own solutions, can anyone point me in the direction of some appropriate products to do this?

Thanks
--
Lyndon David
Internet and Intranet development
Sentinet Ltd
http://www.sentinet.co.uk
Current thread:
- VPN options not export restricted Lyndon David (Jul 14)
- Re: VPN options not export restricted Joseph S. D. Yao (Jul 15)
- Re: VPN options not export restricted Ted Doty (Jul 17)
- Re: VPN options not export restricted ICMan (Jul 17)
- Re: VPN options not export restricted Ted Doty (Jul 19)
- <Possible follow-ups>
- RE: VPN options not export restricted Geldenberg, Aleksandr (Jul 15)