MultiCom Technical Support
Supporting MultiCom Routers, Firewalls and VPN
 

Can I use filtering with IPSec?

 
Author: Support
Joined: 09 Oct 2002 | Posts: 175 | Location: Lausanne, Switzerland
Posted: Tue Jan 14, 03 11:33
Post subject: Can I use filtering with IPSec?

Yes, be sure however that you do not block input or output of

  • ESP encryption and/or authentication,
  • AH protocol (if you are using it for packet-level authentication),
  • UDP port 500 data, which is used during IKE negotiations,

...depending on how you build the encrypted connection.

In relation to tunneling IPSec connections between subnets or from a single remote user to a subnet, the Filtering rules will take place after IPSec has decrypted the packets and after Interface NAT input (for the arriving interface of the packet) and MISC>NAT have made their translations. Packets that make it through for release to the internal subnet.

Recommended Filtering rules....
Reject IP packets that are not from known IP Gateways (can be configured in MISC>NAT)
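Added example, not part of the original post and not MultiCom configuration syntax: a small first-match filter model that reports which of the IPSec flows named above (IKE on UDP port 500, ESP, and optionally AH) a ruleset would block in either direction. The Rule format, the function names and both sample rulesets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# IANA IP protocol numbers and the IKE port named in the post.
UDP, ESP, AH = 17, 50, 51
IKE_PORT = 500

@dataclass
class Rule:                      # hypothetical rule format
    action: str                  # "accept" or "reject"
    direction: str               # "in", "out" or "any"
    proto: Optional[int] = None  # None matches any IP protocol
    dport: Optional[int] = None  # None matches any destination port

def matches(rule, direction, proto, dport):
    return (rule.direction in ("any", direction)
            and rule.proto in (None, proto)
            and rule.dport in (None, dport))

def verdict(rules, direction, proto, dport=None, default="reject"):
    """First matching rule wins; otherwise the default policy applies."""
    return next((r.action for r in rules
                 if matches(r, direction, proto, dport)), default)

def blocked_ipsec_traffic(rules, use_ah=False, default="reject"):
    """Return (direction, flow) pairs the ruleset would not accept."""
    needed = [("IKE", UDP, IKE_PORT), ("ESP", ESP, None)]
    if use_ah:
        needed.append(("AH", AH, None))
    return [(d, name)
            for name, proto, port in needed
            for d in ("in", "out")
            if verdict(rules, d, proto, port, default) != "accept"]

# Constructed rulesets: the first forgets outbound IKE and never permits AH.
BROKEN = [Rule("accept", "in", UDP, IKE_PORT), Rule("accept", "any", ESP)]
FIXED = [Rule("accept", "any", UDP, IKE_PORT),
         Rule("accept", "any", ESP),
         Rule("accept", "any", AH)]

if __name__ == "__main__":
    print("broken:", blocked_ipsec_traffic(BROKEN, use_ah=True))
    print("fixed: ", blocked_ipsec_traffic(FIXED, use_ah=True))
```
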
All times are GMT + 1 Hour