NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] IPSec in Transport mode or in Tunnel Mode



Well, how does Checkpoint's SecuRemote connections work then over NATted
connections?

> -----Original Message-----
> From:	Daniel Hitchcock [SMTP:[email protected]]
> Sent:	Wednesday, February 14, 2001 5:35 PM
> To:	'[email protected]'; [email protected]
> Subject:	RE: [FW1] IPSec in Transport mode or in Tunnel Mode
> 
> 
> No, transport mode is not supported.  Check out
> http://www.checkpoint.com/products/vpn1/vpnwp.html (about 3/4 of the way
> down the page) for some diagrams and a description of the difference.  In
> short, transport encrypts the data and leaves the IP header intact,
> whereas
> tunnel encrypts everything including the original IP header and re-creates
> the packet with a new IP header.  Tunnel is the most preferable from a
> security standpoint.  If you need transport mode, the best solution may be
> to terminate your VPN somewhere other than the firewall
> (parallel/inside/outside depending on your network design).
> 
> HTH
> 
> Dan Hitchcock
> Security Analyst
> Breakwater Security Associates
>> [email protected]
> 
> 
> -----Original Message-----
> From: Martin WF Hui [mailto:[email protected]]
> Sent: Wednesday, February 14, 2001 7:08 AM
> To: [email protected]
> Subject: [FW1] IPSec in Transport mode or in Tunnel Mode
> 
> 
> 
> Hi,
> 
> Please tell me whether Checkpoint FW 4.1 can support IPSec in Transport
> Mode.  What is the benefits on using Transport mode rather than Tunnel
> mode.
> Please also teach me how to build a Transport Mode IPSec Tunnel.
> 
> Thanks a lot.
> 
> Martin
> 
> 
> ==========================================================================
> ==
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ==
> ====
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.