Firewalls: Re: Firewalls-Digest V5 #577

Firewalls
(October 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Firewalls-Digest V5 #577
From:	debernar @ sctc . com (Paul DeBernardi)
Date:	Tue, 22 Oct 1996 10:04:41 -0600
To:	Firewalls @ GreatCircle . COM

>
>Date: Mon, 21 Oct 1996 11:39:36 +0000
>From: Helgi Viggosson <helgi @
 ott .
 is>
>Subject: Re: Does DEC's products support VPN?
>
>Dan Tshin wrote:
>>
>> On Friday, October 18, 1996 9:39 AM, Alejandro
>>Motta[SMTP:amotta @
 ifi .
 unizh .
 ch] wrote:
>> >Hello everybody,
>> >
>> >Could someone tell me, if the firewalls of Digital: Digital Firewall
>> >Service, Digital Firewall for Unix and BorderWare Firewall Server,
>> >support Virtual Private Networking?
>>
>> I understand that DEC's firewall does NOT do VPN. Borderware DOES.
>
>But in combination with the AltaVista Tunnel it does.
>
>>
>> >I read the DEC's Websites and found that Alta Vista Tunnel and Personal
>> >Tunnel support VPN for Alta Vista Firewall. I don't know if these
>> >products can do VPN with the others firewalls.
>>
>> I haven't heard of cross-firewall VPN ability. I wouldn't think so...
>>corrections anyone?

Cross firewall VPN is indeed a reality. Vendors that build VPN's using the
new emerging IPSec protocol will interoperate when setting up VPN's. Many
of the firewall vendors have already tested for interoperability. To read
about this project go to www.rsa.com and look for information on the s/wan
initiative for IPSec interoperability.

Secure Computing Corporations two firewalls, the BorderWare Firewall Server
and Sidewinder, interoperate for VPN using the IPSec standard. Secure also
markets a Windows 95 package that does IPSec encryption (NETCourier)to
create VPN tunnels from the Windows 95 NETCourier client to the firewall,
for instance.

IPSec is based on IETF RFC's 1825 - 1828 (I believe).

>
>AltaVista Tunnel can work with most firewalls. It can be placed anyware
>on your
>network, you have to open a port for it on your firewall, to enable the
>Tunnel
>servers to establish their private links.

Yes. But the DEC encryption scheme is proprietary, not open like IPSec.

Paul DeBernardi
Secure Computing
612-628-2797
debernar @
 sctc .
 com

>
>- --
>_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
>Helgi Viggosson,        | Internet: helgi @
 ott .
 is
>Software Product Mgr,   | X.25 (PSI%): PSI%274011324040::HELGI
>Digital a Islandi ehf,  | X.400: G=Helgi S=Viggosson P=OTT A=ISHOLF C=IS
>Vatnagardar 14,         | Phone: +354 533 5050  Mobile: +354 896 1873
>104 Reykjavik,ICELAND   | FAX:   +354 533 5060
>_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
>
>

Follow-Ups:

Re: Firewalls-Digest V5 #577
From: Adam Shostack <adam @ homeport . org>

Indexed By Date	Previous:	Re: Re[2]: Checkpoint - From: Frank Beall <fbeall @ borg . mayfield . hp . com>
Indexed By Date	Next:	Fw-1 : use of ports 256 to 260 From: Christian ALT <calt @ tla . ch>
Indexed By Thread	Previous:	Re: CERN/W3C HTTPd as proxy (SUMMARY) From: Todd Graham Lewis <lists @ reflections . mindspring . com>
Indexed By Thread	Next:	Re: Firewalls-Digest V5 #577 From: Adam Shostack <adam @ homeport . org>