>
> > Or, now that we have a DSL standard that supports a few more products (or
> > will when they get telepermitted), drop in a Cisco 827 with the IP firewall
> > feature set and IPSec and forget the Nokia's altogether!
>
> For that matter, why do we need an expensive Cisco when a *nix box
> can carry out basic (nay advanced) firewall functions at a much cheaper
> price.

I'd agree, assuming you can get UNIX drivers for the internal DSL card.
Otherwise, the problems we have with NAT and VPNs don't go away with the
new standards and the M11.

The firewall can certainly sit inside on whatever, but short of routing
public addresses (no NAT), the only real solution to a true IPSec
server-server tunnel at the moment seems to be to terminate the tunnel on
the router. (I know you can tunnel an IPSec tunnel over GRE, but I'm
personally not real happy about the extra overhead.)

To my knowledge, cheapie DSL modems don't offer built-in IPSec VPN.

This message is part of the NZ Broadband mailing list.
see http://freebsddiary.cx/adsl/ for archives, FAQ,
and various documents.
Received on Mon Jul 3 00:26:18 2000