Firewall Wizards mailing list archives
Re: stealth firewalls
From: "Volker Tanger" <volker.tanger () discon de>
Date: Fri, 18 Jan 2002 09:50:15 +0100
ark () eltex ru wrote: > YOU (Volker Tanger) WROTE: > >> Second problem is doing VPN - or: not! Without a (visible) VPN peer >> there is no VPN to be established.
Why not? I see no technical reason why one cannot build birdging functionality over 100% isolated underlying VPN infrastructure and virtual tunneling interfaces.
Okay, misunderstanding: you can not do VPN without an IP address for the VPN peers.
If the firewall is expected to do the VPN stuff, it has to have an IP address responding to IKE, ICMP, whatever. But with this it is no longer a stealth (i.e. IP-addressless) firewall.Of course you can do VPN between two peers with a stealth firewall in between (that is if the firewall allows), but that was not the point.
Bye Volker -- Volker Tanger <volker.tanger () discon de> Wrangelstr. 100, 10997 Berlin, Germany DiSCON GmbH - Internet Solutions http://www.discon.de/ _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- stealth firewalls Irwin Lazar (Jan 16)
- Re: stealth firewalls Nate Campi (Jan 17)
- RE: stealth firewalls Ofir Arkin (Jan 18)
- Re: stealth firewalls ark (Jan 18)
- RE: stealth firewalls Don Flanagan (Jan 19)
- Re: stealth firewalls Volker Tanger (Jan 17)
- Re: stealth firewalls ark (Jan 18)
- Re: stealth firewalls Volker Tanger (Jan 18)
- Re: stealth firewalls ark (Jan 18)
- Re: stealth firewalls Peter Lukas (Jan 17)
- Re: stealth firewalls Dave Mitchell (Jan 18)
- Re: stealth firewalls Roelof JT Jonkman (Jan 18)
- <Possible follow-ups>
- Re: stealth firewalls ark (Jan 17)
- Re: stealth firewalls ark (Jan 18)
- Re: stealth firewalls Volker Tanger (Jan 18)
- Re: stealth firewalls Valerie Anne Bubb (Jan 19)
- Re: stealth firewalls Valerie Anne Bubb (Jan 19)
- Re: stealth firewalls Nate Campi (Jan 17)