ark_at_eltex.ru wrote:
>
> nuqneH,

HIqIm! {{;-)

> VPN peers are not required to be visible from VPN itself.
>
> You can build a bridge that will take a packet from (bridging) interface 0 on
> machine A, encapsulate and encrypt it, send it via interface 1 to machine B's
> interface 1, that will decrypt it and send out via interface 0 on machine B,
> and vice versa.

Yes - but A1 and B1 have visible IP interfaces to the rest of the world
between them - thus A and B are no longer stealth firewalls by
definition? At least if using standard VPN like IPsec?

As for A0 and B0, yes, that part was understood. Albeit I prefer
"proper" (i.e. normal) routing over bridging. Makes debugging network
connections easier IMHO.

Bye
Volker
--
Volker Tanger <volker.tanger_at_discon.de>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Received on Jan 18 2002