Re: IPSec

From: Cy Schubert - ITSD Open Systems Group (
Date: 12/13/01

From: Cy Schubert - ITSD Open Systems Group <>
To: "Ivanov, Vladimir" <>
Date: Wed, 12 Dec 2001 20:32:15 -0800

In message <>, "Ivanov,
 Vladimir" writes:
> > Does anyone knows if it is possible to take IPSec parts from
> > Solaris 8 a and
> > put those to Solaris 7 ?
> > Or is there any other "product" that could do this ?
> > I need to secure connection between two machines.
> PPP-over-SSH? Or just SSH?

PPP over SSH isn't a good performer. If retransmits are required, you
could be retransmitting packets that are part of the SSH TCP session AND
retransmitting packets within the PPP session.

You're better off using a VPN solution that uses either IPSec or some
proprietary protocol that uses UDP.

If the protocol you're trying to secure uses TCP, then simply tunnel it
through SSH.

> > I am not looking for VPN solution.
> Then, you don't need IPSec, do you? :)

Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/Alpha Team Email:
Open Systems Group, ITSD
Ministry of Management Services
Province of BC
                    FreeBSD UNIX:

Relevant Pages

  • Re: IPsec vs SSH (Was Re: in.telnetd vulnerability??)
    ... Subject: IPsec vs SSH ... right, the user authentication part is not much of an issue, because the network is fairly secure, ie who is accessing it and such. ... >for protecting the traffic on route, but it is really just telnet on some ...
  • Re: Need new 3270 emulator: SSH, inexpensive, reliable
    ... started referring to VPN as "light-weight ipsec" ... ...
  • Re: Frage zu Ports
    ... > mir einen SSH Tunnel oder IPSec vorstellen. ... Endpunkten aufgemacht. ... Bei IPSec kann ich da (echt VPN) zwei Netzwerke ...
  • IPsec vs SSH (Was Re: in.telnetd vulnerability??)
    ... Subject: IPsec vs SSH ... IPsec is about protecting verything on the network and isn't about user ...
  • Re: automatic cipher ("none") selection?
    ... KL> encrypted paths? ... KL> have IPsec, there's no reason for me to expend the processor time ... KL> encrypt the SSH session. ... the protections afforded by SSH and IPSec do not have the same ...