
RE: VPN options not export restricted


Geldenberg, Aleksandr (ag60179imcnam.sbi.com)
Wed, 15 Jul 1998 08:23:13 -0400


Hello, Lyndon

The biggest show stopper for using the FW-1 SecuRemote solution for us was the
fact that clients use the firewall's management station as a certificate authority
to verify the firewall's public key. Therefore, the management station should
be visible to remote clients, who, in your case, are coming from the Internet.
The easy solution is to combine the management station with the gateway and put
them on the DMZ. But it can lead to a greater risk of compromising this box and
grabbing control over the management station. Plus, the DMZ with the management
station should be routable to the other DMZs where you have just inspecting
gateways managed by this station.

I tried to play with NAT, but I believe there is no way to tell the SecuRemote
client what the address of the management station is. The address of the management
station is sent to the client together with the encryption domain.

For now, I could not find a use for SecuRemote. A lot of people will
probably oppose my opinion.

I am testing VTCP/Secure by InfoExpress right now. So far I have found this VPN
solution much friendlier and more useful than the other ones. It employs
exportable DES encryption as well as a domestic one.

Regards,

Alex

> -----Original Message-----
> From: Lyndon David [SMTP:lyndondsentinet.co.uk]
> Sent: Tuesday, July 14, 1998 9:06 AM
> To: firewall-wizards
> Subject: VPN options not export restricted
>
> Hi,
>
> I have a requirement to form an encrypted link from some laptops back to
> a central dial-in box. I absolutely don't want to be constrained by any
> export key lengths and preferably want something like triple DES. The
> laptops will be running either NT or 95.
>
> Other than SecuRemote for Firewall-1, which integrates nicely into such
> solutions and which I know about, and discounting unsupported roll-your-own
> solutions, can anyone point me in the direction of some appropriate
> products to do this?
>
> Thanks
>
> --
> Lyndon David Internet and Intranet development
> Sentinet Ltd http://www.sentinet.co.uk
>



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:32 CDT