[Shorewall-users] IPSec and VPN Appliance

Tom Eastep teastep@shorewall.net
Sat, 12 Jan 2002 07:28:07 -0800

On Saturday 12 January 2002 05:04 am, Jonathan B. Bayer wrote:
> Hello Shorewall-users,
> I have Shorewall installed as a firewall between our office and the net=
> The internal network has an address range of
> We are looking at purchasing a small VPN appliance to install at our
> office.  I have two ways to install it.  The first (and preferred)
> method is to install it on our local lan, and have the IPSec packets
> transparently passed through the firewall directly to the appliance.
> The second way is to put it side by side with the firewall, listening
> on it's own address.
> I'm not too happy about putting what is essentially a second firewall i=
> place, but am concerned about some problems I've heard about using IPSe=
> through a firewall which does NATing.
> Any comments would be appreciated.

Have you considered letting your Shorewall-based firewall be the "VPN=20

Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net