TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [TCLUG:6947] Linux VPN Client and IKE compliance
The Checkpoint rep was probably saying "anything" in the sense of
"anything OPSEC."
Peter Lukas
On Wed, 14 Jul 1999, Unni Nambiar wrote:
> > -----Original Message-----
> > From: Peter Lukas [mailto:peter@math.umn.edu]
> > Sent: Tuesday, July 13, 1999 2:01 PM
> > To: Tclug-List (E-mail)
> > Subject: Re: [TCLUG:6947] Linux VPN Client and IKE compliance
> >
> >
> > [snip]
> >
> > All hope is not lost, though. If SSH is allowed into your
> > network, you
> > may create your own pseudo-VPN with it through the wonderful
> > port-forwarding features of SSH. You should be able to ssh
> > into a machine
> > on the trusted network and forward any required ports into it (in a
> > proxy-esque fashion). This is cheaper than SecuRemote and it
> > works with
> > virtually any platform! It's not as transparent, and
> > potentially not as
> > secure as SecuRemote, but it should be enough for you to get
> > the job done.
> >
>
> Thanks much. Turns out my company does allow ssh access. So problem
> solved.
>
> I'm still curious though about communicating with FW-1 from Linux. Even
> though you said that parts of the SecuRemote/FW-1 handshake is proprietary,
> what makes me curious is that the claim that " ... you could use any IKE
> compliant client ..." was made by a Check Point employee (i forgot to
> mention that in my previous mail). I'll also try following it up with him.
>
> Also another thing i noticed was, the "What's New" in FW-1 at Check Point
> talks about Web based User Authentication. I wonder what that means ...
>
> Regards,
>
> -Unni
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> For additional commands, e-mail: tclug-list-help@mn-linux.org
>
>