[36921] in North American Network Operators' Group

Re: Custom Wireless Solution

daemon@ATHENA.MIT.EDU (Charles Sprickman)
Wed Apr 25 23:23:17 2001

Date: Wed, 25 Apr 2001 23:17:40 -0400 (EDT)
From: Charles Sprickman <spork@inch.com>
To: <jtk@aharp.is-net.depaul.edu>
Cc: <nanog@merit.edu>
In-Reply-To: <3AE77F69.E2D9809@depaul.edu>
Message-ID: <Pine.BSF.4.30.0104252314520.9192-100000@shell.inch.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Wed, 25 Apr 2001, John Kristoff wrote:

> Mike Schoenecker wrote:
> > if one is prone to paranoia, using both [1] and [2] probably makes sense.
>
> Except that it is currently impractical for many sites since it requires
> an entirely Cisco end-to-end shop including the Cisco (or Microsoft's)
> RADIUS server.

Since all these products are bridges, wouldn't it make sense to just have
an Open/FreeBSD box at either end with two NICs?  Both OSes can do IPSEC
tunnels, and both end nodes will only be bridging a single MAC address.

You end up with a "clean" network design (since you've got an actual
endpoint or 'router') and you can encrypt your traffic with a bit more
confidence than with the WEP stuff...

Charles

> John
>


