Firewall Wizards: Re: stealth firewalls

Re: stealth firewalls

From: Volker Tanger <volker.tanger_at_discon.de>
Date: Fri, 18 Jan 2002 09:50:15 +0100

ark_at_eltex.ru wrote:

> YOU (Volker Tanger) WROTE:
>
>> Second problem is doing VPN - or: not! Without a (visible) VPN peer
>> there is no VPN to be established.

> Why not? I see no technical reason why one cannot build bridging
> functionality over 100% isolated underlying VPN infrastructure and
> virtual tunneling interfaces.

Okay, misunderstanding: you can not do VPN without an IP address
for the VPN peers. If the firewall is expected to do the VPN stuff,
it has to have an IP address responding to IKE, ICMP, whatever.
But with this it is no longer a stealth (i.e. IP-addressless)
firewall.

Of course you can do VPN between two peers with a stealth firewall in
between (that is if the firewall allows), but that was not the point.

Bye
        Volker

-- 
Volker Tanger  <volker.tanger_at_discon.de>
  Wrangelstr. 100, 10997 Berlin, Germany
     DiSCON GmbH - Internet Solutions
          http://www.discon.de/
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Received on Jan 18 2002