Hi All, What I think is that we shouldn't send all packets to IPSec. This reduces the performance of the box as IPSec algorithms are really compute intensive. Only configured tunnels to a few locations can be IPSeced. This ensures that the normal traffic which is mostly TCP traffic can be as fast as possible. (Hey, We all complain when we see our mails being downloaded slowly or web pages being loaded slowly) Also, for generic security we can use the IP filter for normal traffic. The IPSec itself does authentication so why send it to a filter?
Regards Kshitij _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
