[Shorewall-users] IPSec and VPN Appliance

Tom Eastep teastep@shorewall.net
Sat, 12 Jan 2002 07:28:07 -0800


On Saturday 12 January 2002 05:04 am, Jonathan B. Bayer wrote:
> Hello Shorewall-users,
>
> I have Shorewall installed as a firewall between our office and the net.
> The internal network has an address range of 192.168.1.0/24
>
> We are looking at purchasing a small VPN appliance to install at our
> office.  I have two ways to install it.  The first (and preferred)
> method is to install it on our local lan, and have the IPSec packets
> transparently passed through the firewall directly to the appliance.
> The second way is to put it side by side with the firewall, listening
> on its own address.
>
> I'm not too happy about putting what is essentially a second firewall in
> place, but am concerned about some problems I've heard about using IPSec
> through a firewall which does NATing.
>
> Any comments would be appreciated.
>

Have you considered letting your Shorewall-based firewall be the "VPN
Appliance"?

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
-------------------------------------------