Jason Costomiris writes:
> On Saturday, February 1, 2003, at 03:17 PM, Dick St.Peters wrote:
>
> >> net1 <--> net2/net3
> >>
> >> This requires good network planning.
> >
> > No, this requires planning your network around IPsec, which is not the
> > same thing as good network planning. Other VPN technologies fit into
> > the network you have ... or that you may want to have for other
> > reasons.
>
> That's silly. Planning your network so that you can aggregate the
> networks at each site into a single network has nothing to do with
> planning your network around IPsec. It has everything to do with
> minimizing configuration of whatever connectivity solution you deploy,
> be it IPsec, some random VPN, private links or even frame relay.

Oh ye of little imagination ... start with the obvious case: two NICs on
the gateway, one in net2, the site's DMZ, another in net3, its internal
network. Aggregate that one.

For another, try having net2 and net3 be at different sites, where the
two sites represent two previously different companies that just
merged. One numbered out of 192.168.0.0/16, the other out of 10/8.

Networks are not planned; networks grow (or shrink or divide) under the
influence of things other than networking. People trying to plan
networks have never been any better at predicting the future than
anyone else.

> You want to recommend they use a non-vendor solution? Great!
> Recommending something interoperable is the way to go. In this case,
> that's freeswan.

Sorry Jason, the important interoperability isn't with IPsec's
constraints, it's lack of rigidity in how you grow your network.

--
Dick St.Peters, [EMAIL PROTECTED]