Firewall Wizards mailing list archives

Re: stealth firewalls

From: "Volker Tanger" <volker.tanger () discon de>
Date: Fri, 18 Jan 2002 09:50:15 +0100

ark () eltex ru wrote:

> YOU (Volker Tanger) WROTE:
>
>> Second problem is doing VPN - or: not! Without a (visible) VPN peer
>> there is no VPN to be established.

Why not? I see no technical reason why one cannot build birdging
functionality over 100% isolated underlying VPN infrastructure and
virtual tunneling interfaces.

Okay, misunderstanding: you can not do VPN without an IP addressfor the VPN peers.


If the firewall is expected to do the VPN stuff, it has

to have an IP address responding to IKE, ICMP, whatever.
But with this it is no longer a stealth (i.e. IP-addressless)
firewall.

Of course you can do VPN between two peers with a stealth firewall inbetween (that is if the firewall allows), but that was not the point.


Bye
        Volker

--

Volker Tanger  <volker.tanger () discon de>
 Wrangelstr. 100, 10997 Berlin, Germany
    DiSCON GmbH - Internet Solutions
         http://www.discon.de/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

stealth firewalls Irwin Lazar (Jan 16)
- Re: stealth firewalls Nate Campi (Jan 17)
  - RE: stealth firewalls Ofir Arkin (Jan 18)
  - Re: stealth firewalls ark (Jan 18)
    - RE: stealth firewalls Don Flanagan (Jan 19)
- Re: stealth firewalls Volker Tanger (Jan 17)
  - Re: stealth firewalls ark (Jan 18)
    - Re: stealth firewalls Volker Tanger (Jan 18)
- Re: stealth firewalls Peter Lukas (Jan 17)
- Re: stealth firewalls Dave Mitchell (Jan 18)
- Re: stealth firewalls Roelof JT Jonkman (Jan 18)
- <Possible follow-ups>
- Re: stealth firewalls ark (Jan 17)
- Re: stealth firewalls ark (Jan 18)
  - Re: stealth firewalls Volker Tanger (Jan 18)
- Re: stealth firewalls Valerie Anne Bubb (Jan 19)
- Re: stealth firewalls Valerie Anne Bubb (Jan 19)