[33584] in North American Network Operators' Group
Re: IPSectarianism
daemon@ATHENA.MIT.EDU (mdevney@teamsphere.com)
Wed Jan 17 01:29:21 2001
Date: Tue, 16 Jan 2001 22:14:48 -0800 (PST)
From: <mdevney@teamsphere.com>
To: "Dave Wardle, Critical Networks, Inc." <dave@criticalnets.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.21.0101161822580.5887-100000@home.inetd.com>
Message-ID: <Pine.LNX.4.21.0101162205120.19861-100000@core.teamplay.net>
On Tue, 16 Jan 2001, Dave Wardle, Critical Networks, Inc. wrote:
> Date: Tue, 16 Jan 2001 18:48:31 -0800 (PST)
> From: "Dave Wardle, Critical Networks, Inc." <dave@criticalnets.com>
> To: nanog@merit.edu
> Subject: IPSectarianism
>
>
> Is anyone on the list aware of Service Providers (ISP/NSP...) who DO
> block IPsec traffic, with or without informing their customers or peers?
>
I used to work for an ISP (http://www.pilot.net) who blocked *all* traffic
except that specifically asked for, in the interests of security. This
was spelled out in the sales contract, and in fact was a prime selling
point. (I opened a lot of pinholes in a lot of firewalls for IPsec.) I
imagine there are other ISPs who do the same.
From a customer standpoint, where I am now, I would never sign on with an
ISP/NSP who filtered *any* traffic. I can manage my own firewall, thank
you very much.[1] I pay them for network access, to get my packets from
me to elsewhere and back, not to be my guardians.
> I'm trying to assess the pros and cons of major Enterprise Customers
> basing their entire remote office/small office/mobile network access
> strategy on some type of IPsec based VPN solution.
>
I've been very happy with Cisco's IPsec VPNs from PIX to PIX. They're
reasonably stable, very easy to set up, and since I'm not the one paying
12 grand + for what amounts to a 2-year-old desktop box running modified
IOS, their price is right. Oftentimes clients simply say "Cisco? Cool,
here's some money." Only caveat being, you really need the failover.
Mobile, I can't help you, sorry.
> Any thoughts?
>
> Cheers
> Dave
>
> -------
> Dave Wardle, Principal Consultant
> Critical Networks, Inc.
> -------
> Email: dave@criticalnets.com
> Homepage: www.criticalnets.com
> -------
> Cell: 831 332 1021
> Tel: 831 662 1710
> Fax: 831 662 1710
> -------
>
>
[1] Please no snide comments about my current provider, I am not too
pleased with them for exactly the reason you're thinking and am discussing
other options with my supervisor.