[VPN] Encryption domain subnetworking ?

From: Yannick Lo (ylg@fr.ibm.com)
Date: 02/03/03


From: "Yannick Lo" <ylg@fr.ibm.com>
Date: Mon, 3 Feb 2003 12:07:41 +0100

Hi all,

I would like to have your experience / feedback about the definition of the
encryption domain. I have some Checkpoint nodes and I need to redefine the
encryption domain. I have two choices:
- define the encryption domain with respect to the subnetting in place (e.g.
multiples of /28, 29, 30, ... subnets)
- define the encryption domain with a supernet: /16 netmask

The first choice is in production today, but there are some mistakes and
some networks are not included in that definition.
The second choice seems simplest. I wonder if some work needs to be done for
the peers in place.

Thanks for your feedback. Regards,

--
Yannick Lo
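
Added example, not part of the original post: a coverage audit that compares a per-subnet encryption domain with a single /16 supernet, reporting in-use networks the subnet list misses and how many addresses the supernet would add to the domain. All addresses and the names `DOMAIN`, `IN_USE`, `SUPERNET` and `audit` are constructed for illustration.

```python
import ipaddress as ip

# Constructed sample data (not from the post): the per-subnet definition in
# production, the networks actually in use, and the candidate supernet.
DOMAIN = ["10.20.1.0/28", "10.20.1.16/28", "10.20.2.0/29", "10.20.3.4/30"]
IN_USE = ["10.20.1.0/27", "10.20.2.0/29", "10.20.2.8/29",
          "10.20.3.4/30", "10.20.4.0/28"]
SUPERNET = "10.20.0.0/16"


def audit(domain, in_use, supernet):
    """Return (missing, outside, extra) for a subnet-list vs supernet choice.

    missing: in-use networks not fully covered by the subnet-list domain
    outside: domain entries that the supernet would NOT cover
    extra:   addresses the supernet adds beyond the current domain
    """
    # Merge adjacent entries first, so a /27 in use that is covered by two
    # neighbouring /28 entries is recognised as covered.
    dom = list(ip.collapse_addresses(ip.ip_network(n) for n in domain))
    sup = ip.ip_network(supernet)
    used = [ip.ip_network(n) for n in in_use]

    missing = [u for u in used if not any(u.subnet_of(d) for d in dom)]
    outside = [d for d in dom if not d.subnet_of(sup)]
    covered = sum(d.num_addresses for d in dom if d.subnet_of(sup))
    extra = sup.num_addresses - covered
    return missing, outside, extra


if __name__ == "__main__":
    missing, outside, extra = audit(DOMAIN, IN_USE, SUPERNET)
    print("in use but not in the subnet-list domain:")
    for net in missing:
        print("  ", net)
    print("domain entries the supernet would not cover:", outside or "none")
    print("addresses the supernet adds to the domain:", extra)
```

The `extra` figure is the address space that would newly count as part of the encryption domain under the supernet, which is the range to review before changing the definition.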
