Hi,

On Mon, Jul 30, 2007 at 11:43:03PM -0700, Dan Wing wrote:
> > In an end-to-end world, it may be desirable to have one residential
> > user set up IPSEC to another residential user. Both behind
> > such stateful firewalls that neither permit unsolicited
> > inbound UDP.
>
> In such a case, they need to communicate each other's IP addresses
> (and perhaps UDP ports) using a rendezvous protocol (such as SIP,
> see draft-saito-mmusic-sdp-ike-01.txt) in order to allow one (or both)
> to allow inbound UDP (or 'raw' IPsec), or the server would need to
> tell its firewall to permit unsolicited incoming traffic.

Which seems to be the point of this discussion. "If we are going to have
stateful firewalls, due to popular belief that this is a good thing, how
to tell the firewall that it should stop disturbing traffic".

Gert Doering
        -- NetMaster
--
Total number of prefixes smaller than registry allocations: 113403

SpaceNet AG                    Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14      Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen               HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444        USt-IdNr.: DE813185279