Re: IPSec

From: Cy Schubert - ITSD Open Systems Group (Cy.Schubert@uumail.gov.bc.ca)
Date: 12/13/01


From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: "Ivanov, Vladimir" <VIvanov@tee.toshiba.de>
Date: Wed, 12 Dec 2001 20:32:15 -0800

In message <020F0AC9894ADB4A9D0645965E1B47950953E4@dus04a.tsb-eu.com>, "Ivanov,
 Vladimir" writes:
> > Does anyone knows if it is possible to take IPSec parts from
> > Solaris 8 a and
> > put those to Solaris 7 ?
> > Or is there any other "product" that could do this ?
> > I need to secure connection between two machines.
>
> PPP-over-SSH? Or just SSH?

PPP over SSH isn't a good performer. If retransmits are required, you
could be retransmitting packets that are part of the SSH TCP session AND
retransmitting packets within the PPP session.

You're better off using a VPN solution that uses either IPSec or some
proprietary protocol that uses UDP.

If the protocol you're trying to secure uses TCP, then simply tunnel it
through SSH.

>
> > I am not looking for VPN solution.
> Then, you don't need IPSec, do you? :)

Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD
Ministry of Management Services
Province of BC
                    FreeBSD UNIX: cy@FreeBSD.org