On Mon, 9 Jul 2001 [EMAIL PROTECTED] wrote:
> The thought of combining "VPN" with "transparent mode" makes my poor
> little brain hurt. It wouldn't surprise me if that combination turned
> out to be not (yet?) supported....
> On 9 Jul 2001, at 18:05, Henrik Grankvist wrote:
> > I'm having some trouble getting a vpn connection to work with NS5XP in
> > transparent mode. I know that it only works with manual keys, and therefore
> > I have set up a connection using the tutorial from Netscreen.
sorry, i'm not familiar with the term 'transparent mode' as it applies to
the Netscreen product, but if it means 'only configured at layer 2, ie a
filtering bridge' then i know i understand you.
you can't do IPSec VPNs with a layer 2 device, it requires layer 3 (IP)
manipulations (encapsulation, packet header mangling, etc ...), along with
endpoint addressing (for the gateways or participating nodes), none of
which are available (on the WAN) only at layer 2.
bear in mind i could be talking out my ass, but that's as i understand it
and why i think it can't be done (a layer 2 IPSec device).
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
