RE: [TCLUG:6947] Linux VPN Client and IKE compliance

[Unni Nambiar <unambiar@Legato.COM>]

> -----Original Message-----
> From: Peter Lukas [mailto:peter@math.umn.edu]
> Sent: Tuesday, July 13, 1999 2:01 PM
> To: Tclug-List (E-mail)
> Subject: Re: [TCLUG:6947] Linux VPN Client and IKE compliance
> 
> 
> [snip]
>
> All hope is not lost, though.  If SSH is allowed into your 
> network, you
> may create your own pseudo-VPN with it through the wonderful
> port-forwarding features of SSH.  You should be able to ssh 
> into a machine
> on the trusted network and forward any required ports into it (in a
> proxy-esque fashion).  This is cheaper than SecuRemote and it 
> works with
> virtually any platform!  It's not as transparent, and 
> potentially not as
> secure as SecuRemote, but it should be enough for you to get 
> the job done.
> 

Thanks much.  Turns out my company does allow ssh access.  So problem
solved.

I'm still curious though about communicating with FW-1 from Linux.  Even
though you said that parts of the SecuRemote/FW-1 handshake is proprietary,
what makes me curious is that the claim that " ... you could use any IKE
compliant client ..." was made by a Check Point employee (i forgot to
mention that in my previous mail).  I'll also try following it up with him.

Also another thing i noticed was, the "What's New" in FW-1 at Check Point
talks about Web based User Authentication.  I wonder what that means ...

Regards,

-Unni