Re: Firebox: GRE over IPsec
comp.security.firewalls archive

From: Walter Roberson <roberson@ibd.nrc-cnrc.gc.ca>
Date: Wed Sep 28 2005 - 06:12:36 CEST

In article <1127879920.913376.55840@g47g2000cwa.googlegroups.com>,
 <sergerivest@yahoo.com> wrote:
:Here's my situation: I got this new job as sysadmin for a company. They
:have a network where there's a firebox III 700 as the main router and
:another CISCO router placed somewhere in the DMZ with a box behind it.

:When I asked why they had that CISCO 1711 they told me, because the
:Firebox III 700 didn't support GRE over IPsec, they had to buy this
:specific CISCO router to be able to do a "branch-to-branch" VPN with
:the provider.

Are you perhaps running some layer 2 traffic between the branches?
Either with both branches being in the same subnet, or sending
something that is non-IP, such as IPX or AppleTalk?

I have never looked at the Firebox series, so I do not know if it
can handle layer 2 traffic.

A need for layer 2 would explain why they didn't use a PIX --
PIX have only recently gained layer 2 transparency.

-- 
  Many food scientists have reported chocolate to be the single most
  craved food.                               -- Northwestern University, 2001
Received on Thu Sep 29 20:11:07 2005