New Zealand ADSL Mailing List


Re: Question for M1122 gurus

From: Raimund Eimann <raimund_at_cs.auckland.ac.nz>
Date: Wed, 5 Apr 2006 10:27:48 +1200
Message-Id: <200604051027.48549.raimund@cs.auckland.ac.nz>

Hi,

thanks for all the comments so far, I really appreciate it :)

My idea was to run IPsec instead of PPtP, because the latter seems to have a
rather bad reputation when it comes to security... (judging by googling for
"PPtP" and "security").

I'm not an expert for IPsec, but what I understand so far is that IPsec can
apparently be run in two different modes, one of which implements is on top
of TCP/UDP (with some open ports, 50 [and others?]). When I understand things
right, this is the "transport mode" of IPsec, which is used to connect two
hosts.

However, I would like to connect two networks, therefore I have the idea of
using IPsec in its "tunnel mode", which apparently must be set up on the
border gateways of the two networks.

I couldn't find any specific IPsec support in the M1122's I use in both
networks, this is one of the reasons why I want to shift the routing task
into the Firewall boxes that sit behind the M1122's. The other reason is that
some IPsec implementations (my one among them) seem not to not like NAT.

Prior to testing the suggestions I got so far I've got three more questions:

So far, I understand that getting the firewall box behind the M1122 to do the
PPP connection I need to switch the connection mode from "PPP over ATM
(ppp-vc)" to "Local tunneling / PPP over ATM (tunneled-ppp-vc)".

1) Do I also have to enable the "bridging" checkbox or not?
2) Does the M1122 keep an internal of IP address?
3) Am I correct in setting the network card in the firewall which connects to
the M1122 to PPPoE?

Thanks,
Raimund

On Tuesday 04 April 2006 11:58, you wrote:
> > I'm not sure if the M1122 can do this. Maybe someone here knows and -- in
> > case
> > it's possible -- could tell me how to configure the M1122?
>
> You can connect to it via PPTP.. so Follow this:
> http://www.wlug.org.nz/M1122
> and you can do it
>
> Thanks
> Craig 

--
This message is part of the NZ ADSL mailing list.
see http://unixathome.org/adsl/ for archives, FAQ,
and various documents.
To unsubscribe: send mail to majordomo@lists.unixathome.org
with "unsubscribe adsl" in the body of the message
Received on Wed Apr 5 10:28:40 2006

This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:34 2006 EST