From owner-freebsd-security Fri Jan 7 12:10:26 2000
Message-ID: <387649F1.1B977740@stcinc.com>
Date: Fri, 07 Jan 2000 12:17:53 -0800
From: Gregory Carvalho
Reply-To: GregoryC@stcinc.com
Organization: Simplified Technology Company
To: FreeBSD-Security@FreeBSD.ORG
Subject: Re: Configuration Validation Request
References: <38760B2F.1044E20D@stcinc.com>

Gregory Carvalho wrote:
>
> I have a scenario which requires IPSec, but the packets must transgress
> a Microsoft Windows NT 4.0 Server running PPTP. I would like to use the
> Kame IPSec package on FreeBSD 3.3R as in the diagram below. I envision
> the sequence being Farside's PoPToP establishing a connection with
> OutOfMyHands's PPTP, then IPSec riding that tunnel and cruising right
> past OutOfMyHands to ServerSide's IPSec. Please comment on the validity
> of this configuration.

Clarification: Hosts connected to Farside (which is acting as
firewall/gateway) attempt to talk to hosts connected to ServerSide
(which is acting as firewall/gateway), so I desire for all traffic
between FarSide and ServerSide to be ESP with authentication.
OutOfMyHands does not contain IPSec.

>
>  -------------------      /\      -------------------
> |  FreeBSD 3.3R     |    /  \    |  WinNT4S          |
> |  Name: FarSide    |   /    \   | Name: OutOfMyHands|
> |  IPSec (Kame)     |   \Inet/   |  MS Proxy         |
> |  PoPToP           |____\__/____|  PPTP             |__
>  -------------------      \/      -------------------   |
>                                                         |
>                                                         |
>                                   -------------------   |
>                                  |  FreeBSD 3.3R     |  |
>                                  |  Name: ServerSide |  |
>                                  |                   |  |
>                                  |  IPSec            |__|
>                                   -------------------
>

Cordially,

Gregory Carvalho
GregoryC@stcinc.com
Simplified Technology Company
http://www.stcinc.com
In God I Trust!