North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: IPsec with ambiguous routing
On Wednesday, February 12, 2003, at 10:40 AM, David Wilburn wrote: Well, if it's routed then it's reachable, whether or not the packets are encrypted or unencrypted. But, that doesn't mean the unencrypted traffic needs to be permitted beyond your gateways. The security association includes the source address, so you can create policies that disallow traffic except from expected hosts. As for ambiguous (asymmetric?) routing, the tunnel is, for all intents and purposes, unaware of the underlying transport architecture, so it shouldn't make any difference as long as you have decent performance on your network as a whole. We use IPSec tunnels across the internet all the time and they work great. Are there any solutions for quickly, reliably, and securely sharingHow about setting up your own Certificate Authority. Mike ------------------------------------------------------------------------ -- Michael K. Smith NoaNet 206.219.7116 (work) 206.579.8360 (cell) [email protected] http://www.noanet.net
|