[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] IPSec in Transport mode or in Tunnel Mode
Well, how does Checkpoint's SecuRemote connections work then over NATted connections? > -----Original Message----- > From: Daniel Hitchcock [SMTP:[email protected]] > Sent: Wednesday, February 14, 2001 5:35 PM > To: '[email protected]'; [email protected] > Subject: RE: [FW1] IPSec in Transport mode or in Tunnel Mode > > > No, transport mode is not supported. Check out > http://www.checkpoint.com/products/vpn1/vpnwp.html (about 3/4 of the way > down the page) for some diagrams and a description of the difference. In > short, transport encrypts the data and leaves the IP header intact, > whereas > tunnel encrypts everything including the original IP header and re-creates > the packet with a new IP header. Tunnel is the most preferable from a > security standpoint. If you need transport mode, the best solution may be > to terminate your VPN somewhere other than the firewall > (parallel/inside/outside depending on your network design). > > HTH > > Dan Hitchcock > Security Analyst > Breakwater Security Associates >> [email protected] > > > -----Original Message----- > From: Martin WF Hui [mailto:[email protected]] > Sent: Wednesday, February 14, 2001 7:08 AM > To: [email protected] > Subject: [FW1] IPSec in Transport mode or in Tunnel Mode > > > > Hi, > > Please tell me whether Checkpoint FW 4.1 can support IPSec in Transport > Mode. What is the benefits on using Transport mode rather than Tunnel > mode. > Please also teach me how to build a Transport Mode IPSec Tunnel. > > Thanks a lot. > > Martin > > > ========================================================================== > == > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ========================================================================== > == > ==== > > > ========================================================================== > ====== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ========================================================================== > ====== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|