IPSec cons (cont) Harder to provide VPN through firewalls - must tunnel UDP port 500 (ISAKMP) for key exchange IP Protocol 50 for IPSec ESP IP Protocol 51 for IPSec AH If the firewall performs NAT or IP Masquerading, firewall kernel patches required. Easier to put VPN parallel to firewall, not behind. IPSec VPN packets are blocked by many ISPs
Copyright 2003, Bri Hatch of Onsight, Inc.
Presented at Real World Linux, 2003.
Presentation created using vim and MagicPoint.