On Thu, 18 Dec 2003, Eric Robinson wrote:
> connectivity is okay for my application, then is there a problem running
> a gateway-to-gateway IPSEC tunnel on consumer-grade Charter service? How
> thorough is Charter's packet filtering?

Yes. IPSEC usually doesn't have any impact on what ports are used. Even in
ESP mode, the source/destination ports are usually unchanged. You might be
able to find an implementation that changes this behavior, but it would be
non-standard, and would certainly break the AH protocol.

You might be better off investigating stunnel or cipe. Cipe in particular
will allow you to tunnel over a specified port, so you can set it above
1024 to bypass the filters Charter uses.

Again, note that this is a non-standard methodology, so you will need to
do this with Linux boxen, and not with an industry-standard appliance. It
should work well enough for what you've described, but it may politically
be a hot potato in your environment. YMMV.

--
Todd's "Customer Disservice Hall of Shame" currently contains:
- Charter Communications: Mislead their customers about services,
and block Internet connectivity.
- AT&T: Honoring the "checks" they send out to entice you to switch
long-distance providers is apparently optional.
- eFax: Receive (not send) 20 pages of *unsolicited* faxes, and lose
your account.