Firewall Wizards mailing list archives
Re: IPv6 and IPSec
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Sat, 28 Aug 2004 05:22:32 +0530
On 26/08/04 13:47 -0700, suren wrote:
Hi, IPSec based security is MUST for IPv6. Due to this, I would assume that end systems would use IPSec to secure the traffic going out. Quite a number of times, organizations would like to filter out the connection(Firewall) run the data through centralized virus scanning/spam scanning engines. This requires clear traffic. With respect to these, I have questions on how the deployments going to be. One type of depolyments I can think of is: Central gateway implementing Firewall/Virus Scanning engine and also terminting IPSec tunnels from local PCs and creating tunnels from the gateway to ultimate destination. By doing this, the gateway gets hold of clear packets, can apply firewall rules, scan and any other operations.
Too complex. IPSec will not be a tunnel in IPv6. What you have referred to above, is just an ALG. Just ask Marcus :)
What other types of deployments would be required/considered by organizations having IPv6 networks?
Broken ones? Where simple packet filtering will continue to be used, and then they will throw good money at IPS rather than using the firewall for what it was designed to do. Devdas Bhagat _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- IPv6 and IPSec suren (Aug 27)
- Re: IPv6 and IPSec Devdas Bhagat (Aug 28)
- Re: IPv6 and IPSec Paul D. Robertson (Aug 28)
- Re: IPv6 and IPSec Michael H. Warfield (Aug 30)
- Re: IPv6 and IPSec Paul D. Robertson (Aug 30)
- Re: IPv6 and IPSec Michael H. Warfield (Aug 31)
- Re: IPv6 and IPSec Michael H. Warfield (Aug 30)