From: Matthias Gorjup (matthias.gorjup_at_siol.net)
Date: Tue Nov 05 2002 - 21:13:01 CET
Hello,
I know that this issue has been largely discussed in the Mailing List, but I
have not found an explicit answer to the problem we have in our company.
Just a short introduction:
We are building a SOHO device, based on MPC860 HW platform and Linux 2.4.17
kernel, for a large European telecom company. Its purpose is to use it at
teleworkers' side as a gateway and make them able to connect to their
company's private network via VPN. VPN would be implemented with IPSec - and
freeswan package seems to be the logical choice.
Our question is if the following scenario is possible to implement with IPSec
and freeswan package:
H1 -------
H2 ------- SOHO --- ADSL modem ----ISP --- INTERNET ---- GW-----priv.network
H3 ------- dynamic IP
Our SOHO device would serve as a gateway and firewall, and the teleworker
would need to be able to access the company's private network through an
IPSec tunnel. The company would use a CISCO router as a gateway.
This would correspond to a typical scenario of connecting two private networks,
each having an IPSec enabled gateway with a static IP address.
The only difference is that our SOHO device would get a dynamic IP address
from the ISP.
And here are the questions:
- could our SOHO device initiate the ipsec connection to the company's CISCO
with a main mode and pre-shared key authentication?
- if not, should RSA authentication be used instead?
- is using the "aggressive mode" patch a solution? Does anyone have experience
using this patch? There is only a patch for version 1.5 available...
Regards and thanks in advance
Matthias
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users