also sprach Noah L. Meyerhans <noahm@debian.org> [2002.12.12.1656 +0100]: > On Thu, Dec 12, 2002 at 09:39:27AM -0500, Phillip Hofmeister wrote: > > If you implement IPSec, my experience (as of 6 months ago) with IPSec is > > that it works great, as long as you use the same implementation on all > > host. > > I don't really agree with that. I have used several different IPsec > implementations and interoperated successfully. me too. i've had all of freeswan, native 2.5, cisco, sonicwall, nokia, check point, *BSD and win2k interoperate. it wasn't always easy (especially windoze, check point and cisco), but it works. > www.freeswan.org has quite a bit of interoperability documentation. this site has very good documentation in general. but it takes time. no expert reference. > Basically, the only difficulties come from the fact that the Internet > Key Exchange (IKE) protocol, defined in RFC 2409, has so damn many > configurable parameters that it's easy to missconfigure it. Since there > isn't (and probably won't ever be) a standard set of defaults, this can > get confusing. it's getting there... ISAKMP/Oakley... -- Please do not CC me! Get a proper mailer instead: www.mutt.org .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system NOTE: The public PGP keyservers are broken! Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc
Attachment:
pgp6jJzNvm_PL.pgp
Description: PGP signature