On 11/2/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> On Wed, Nov 01, 2006 at 05:49:18PM -0800, Bryan Irvine wrote:
> > I'm going to be upgrading a couple of our firewalls soon and as part of
> > the upgrade I will be implementing VPN between a couple of our sites.
> >
> > Does this page still apply: http://www.securityfocus.com/infocus/1859
> Yes, although some additions have been made since (notably, AH works
> too).
> > Any pitfalls or changes I should watch out for?
> Filtering IPsec traffic might take some experimentation to get right.
> > These firewalls are running CARP.
> Don't forget sasyncd; it has gotten *much* better in 4.0.
Now that's a nice touch :-)
Also[1], there may be the need for an occasional connection from users
just using the Windows VPN client. Anybody doing this? I rarely even
see Windows so I'm not sure what to look for there.
Do I need to import a key of some sort, or set authentication somehow?