On Thu, 19 Jun 2003 18:26:17 -0700
Michel Py <michel@arneill-py.sacramento.ca.us> wrote:
>
> > Richard Welty wrote:
> > the needed three legged firewall, bridging two interfaces and
> > using NAT on the third one, is rather more complicated than i
> > wanted to deploy for a budget-constrained customer. neither i
> > nor my client feel that there was much of a win here, but
> > there weren't any other options, either.

> This is a clever setup; am I guessing correctly in saying that
> fortunately the IPSEC part needed to terminate on only one or two
> servers and not on each host?

yes, it only needed to terminate on the server in the DMZ
(the internet facing interface and the DMZ interface are the
two that were bridged, obviously.)

richard
--
Richard Welty    rwelty@averillpark.net
Averill Park Networking    518-573-7592
Unix, Linux, IP Network Engineering, Security