Date: Tue, 15 Jan 2002 14:08:42 +0530 From: "Kshitij Gunjikar" <kshitijgunjikar@yahoo.com> To: <freebsd-net@freebsd.org> Subject: Filtering on the IPsec Tunnel Message-ID: <DJEEIBCKNENADJJIMPLFAEHLCDAA.kshitijgunjikar@yahoo.com>
next in thread | raw e-mail | index | archive | help
Hi All, What I think is that we shouldn't send all packets to IPSec. This reduces the performance of the box as IPSec algorithms are really compute intensive. Only configured tunnels to a few locations can be IPSeced. This ensures that the normal traffic which is mostly TCP traffic can be as fast as possible. (Hey, We all complain when we see our mails being downloaded slowly or web pages being loaded slowly) Also, for generic security we can use the IP filter for normal traffic. The IPSec itself does authentication so why send it to a filter? Regards Kshitij _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DJEEIBCKNENADJJIMPLFAEHLCDAA.kshitijgunjikar>