[isalist] Re: Endpoint IPSEC with DHCP assigned address.

  • From: William Holmes <wtholmes@xxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 16 Mar 2008 10:04:43 -0400

You know Tom,

 

I am fully apprised of the security implications. I am also aware that the
user already has an always on connection provided by a Red Creek Ravlin
Device.  The fact is that the Ravlin has long since passed its end of life
and needs to be replaced.  I wanted to do this with a solution that is
integrated into ISA rather than some other "black box" solution. That way
specific policies and monitoring could be applied to the traffic. 

 

I guess I could just tell the Chairman to kiss off but .....

 

While many people may be unaware of security I am not one of those. There is
nothing "naïve" about the security setup that currently exists nor would there
be in the new configuration. The network on the remote site is completely
understood. It's hardwired to the person's home office.  If there is a
physical break I'll know.

 

I actually was asking a technical question. Other systems out there allow
IPSEC tunnels with DHCP endpoints (including the Ravlin). I was asking whether ISA
could support such a configuration. A detailed technical response would have
been nice.  A rant about efficacy of the configuration is as usual unwelcome.

 

It's really a shame that with the knowledge that you possess on ISA that you
had to turn this question into a personal attack.

 

Bill

 

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thomas W Shinder
Sent: Sunday, March 16, 2008 12:25 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Endpoint IPSEC with DHCP assigned address.

 

You have to be kidding? Right?

 

Don't you take responsibility for the security of your business?

 

If you can't provide at least 10 valid security reasons for not honoring
this request, you might want to consider Wally Thor's truck driving school as
an alternate line of business. You put yourself in harm's way with this type
of naïve security configuration and if you have any assets, I'm sure an atty
would love to take them from you for allowing this type of config.

 

Be responsible and aware.

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of William T. Holmes
Sent: Saturday, March 15, 2008 8:24 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Endpoint IPSEC with DHCP assigned address.

 

The person in question wants an always on connection from their home.

 

Bill

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thor (Hammer of God)
Sent: Saturday, March 15, 2008 5:55 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Endpoint IPSEC with DHCP assigned address.

 

An IPSec tunnel will need to know both ends' IP in order to set up the
tunnel, match rules, and route properly...

 

What's wrong with an old-fashioned VPN from his/her computer?  And can the
router not act as a VPN client?

 

t

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of William T. Holmes
Sent: Saturday, March 15, 2008 2:30 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Endpoint IPSEC with DHCP assigned address.

 

Hi,

 

Can anyone give me a pointer on this one?


Thanks

 

Bill

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of William Holmes
Sent: Friday, March 14, 2008 12:54 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Endpoint IPSEC with DHCP assigned address.

 

Hi,

 

I would like to deploy a router in one of our Executives' homes. The router I
have can be configured with IPSEC tunneling. I am only interested in having
the IPSEC tunnel startup from the endpoint not from the ISA2004 Server. Is
there a document on setting up?  I looked at
http://www.isaserver.org/articles/2004isadlink.html but that indicates I need
a fixed IP address at each end of the tunnel.  Can this same thing be
accomplished with a dynamic IP address on the endpoint so long as I don't
wish to establish the tunnel from the ISA server's side?

 

Thanks


Bill
