[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [BEHAVE] Re: CPE equipments and stateful filters
Hi,
On Mon, Jul 30, 2007 at 05:28:02PM -0700, Dan Wing wrote:
> The only IPsec client implementation I'm aware of is Cisco's, and
> I know our implementation does not provide automatic detection or
> fallback from IPsec-over-IP to IPsec-over-UDP; rather, the user has
> to select this themselves or be artificially limited to always use
> UDP. IPsec-over-UDP is, of course, less bandwidth efficient than
> IPsec-over-IP.
This is again assuming "the IPSEC session is initiated outbound-only,
and the IPSEC server (gateway, whatever) is in a corporate data center".
In an end-to-end world, it may be desirable to have one residential
user setup IPSEC to another residential user. Both behind such stateful
firewalls that neither permit unsolicited inbound UDP.
Gert Doering
-- NetMaster
--
Total number of prefixes smaller than registry allocations: 113403
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279