I think you'll find Oracle has removed encrypted transfers from the licensed advanced security. Discussions someplace on oracle-l. Cheers, Wayne On Jun 5, 2014 1:00 PM, "Kenny Payton" <k3nnyp@xxxxxxxxx> wrote: > Even uglier take a look at ssh tunnels. Cheap and works but you’d want a > good amount of monitoring wrapped around such a solution and the source > side would need pretty fast cpu’s or multiple tunnels. A VPN solution > seems to be your best bet. That would also allow you to control other > types of traffic. Advanced Security can be expensive but would get you > encrypted SQLNet but would need to be licensed on both sides. > > ssh -f oracle@10.0.0.28 -L 1569:10.0.0.28:1560 -N -C -c blowfish-cbc > > > > > > > On Jun 5, 2014, at 12:34 PM, Chris Taylor < > christopherdtaylor1994@xxxxxxxxx> wrote: > > I wonder if you could setup a VPN connector on the remote host and use a > VPN connection from the your server into the remote host and route your > sqlnet connection (via tns) over the VPN tunnel into the remote server? > > Chris > > > On Thu, Jun 5, 2014 at 11:29 AM, Deas, Scott <Scott.Deas@xxxxxxx> wrote: > >> Hello, >> >> >> >> We have a requirement that we create database links to a database at an >> external site. The network will be public, meaning we need to ensure all >> communication across said network needs to be encrypted. >> >> >> >> We have no control over the destination database, we are passing SQL to >> the destination database and pulling back results, but need to make sure >> that all transmissions across the link will be encrypted (not just user >> authentication). >> >> >> >> The local databases will be 10.2.0.4 on AIX and 11.2.0.4 on Linux. The >> destination database will be 11.2.0.3 on AIX. All are Enterprise Edition. >> I’ve read through some of the documentation for Advanced Security, and we >> do have some licenses available, so if that’s the best solution, we can >> implement it at the local databases, but destination database will not have >> Advanced Security installed, so any solutions that require it on both sides >> would not work. >> >> >> >> Additionally (and most obviously), we want to avoid any changes to the >> code utilizing these links, so any suggestions creating views on top of >> tables using DBMS_CRYPTO to encrypt and then decrypt at the local database >> won’t work. We really just need to implement a secure way to transfer >> packets been the two sites. >> >> >> >> Thanks, >> Scott >> >> >> Notice of Confidentiality: **This E-mail and any of its attachments may >> contain >> Lincoln National Corporation proprietary information, which is >> privileged, confidential, >> or subject to copyright belonging to the Lincoln National Corporation >> family of >> companies. This E-mail is intended solely for the use of the individual >> or entity to >> which it is addressed. If you are not the intended recipient of this >> E-mail, you are >> hereby notified that any dissemination, distribution, copying, or action >> taken in >> relation to the contents of and attachments to this E-mail is strictly >> prohibited >> and may be unlawful. If you have received this E-mail in error, please >> notify the >> sender immediately and permanently delete the original and any copy of >> this E-mail >> and any printout. Thank You.** >> > > >