RE: ISA Checklist

Hi Tom,

a very nice and informative article. Keep going on...

I'v just one little remark about the item 'IP fragments'. You are very right
to advice to enable filtering of IP fragments. But you probably remember
also that this can break the use of certificates in VPNs, particularly the
EAP-TLS authentication. Maybe adding a such a quick note is recommended ;-)

BTW --- in the Minutes of the IPSEC wg Meeting, December 2001 IETF-52 Online
Proceedings (http://www.ietf.org/proceedings/01dec/minutes/IPSEC.HTM) you
can read that they are very aware of this problem. Hopefully, they can agree
on a good solution about this issue.

Regards,
Stefaan

-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: zondag 3 februari 2002 10:27
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Checklist


http://www.ISAserver.org


Hi Neil,

Well, I finished it!

I'll be up on www.isaserver.org/shinder next week. But until then, you
can check it out at:

http://www.tacteam.net/isaserverorg/isachecklist.htm

HTH,
Tom
www.isaserver.org/shinder

-----Original Message-----
From: Neil Thomas [mailto:neil.thomas@xxxxxxxxxxxxxxx] 
Sent: Friday, February 01, 2002 12:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Checklist

http://www.ISAserver.org


Hi Thomas..,

I'll Look forward to seeing it. If you are willing to offer me a copy of
the unfinished work I'm sure it would be very helpfull..

Thanks..,

Neil.

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
stefaan.pouseele@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts: