IPSectarianism
mdevney at teamsphere.com
Wed Jan 17 06:14:48 UTC 2001
On Tue, 16 Jan 2001, Dave Wardle, Critical Networks, Inc. wrote:
> Date: Tue, 16 Jan 2001 18:48:31 -0800 (PST)
> From: "Dave Wardle, Critical Networks, Inc." <dave at criticalnets.com>
> To: nanog at merit.edu
> Subject: IPSectarianism
>
>
> Is anyone on the list aware of Service Providers (ISP/NSP...) who DO
> block IPsec traffic, with or without informing their customers or peers?
>
I used to work for an ISP (http://www.pilot.net) who blocked *all* traffic
except that specifically asked for, in the interests of security. This
was spelled out in the sales contract, and in fact was a prime selling
point. (I opened a lot of pinholes in a lot of firewalls for IPsec.) I
imagine there are other ISPs who do the same.
From a customer standpoint, where I am now, I would never sign on with an
ISP/NSP who filtered *any* traffic. I can manage my own firewall thank
you very much.[1] I pay them for network access, to get my packets from
me to elsewhere and back, not to be my guardians.
> I'm trying to assess the pros and cons of major Enterprise Customers
> basing their entire remote office/small office/mobile network access
> strategy on some type of IPsec based VPN solution.
>
I've been very happy with Cisco's IPsec VPNs from PIX to PIX. They're
reasonably stable, very easy to set up, and since I'm not the one paying
12 grand + for what amounts to a 2-year-old desktop box running modified
IOS, their price is right. Oftentimes clients simply say "Cisco? Cool,
here's some money." Only caveat being, you really need the failover.
Mobile, I can't help you, sorry.
> Any thoughts?
>
> Cheers
> Dave
>
> -------
> Dave Wardle, Principal Consultant
> Critical Networks, Inc.
> -------
> Email: dave at criticalnets.com
> Homepage: www.criticalnets.com
> -------
> Cell: 831 332 1021
> Tel: 831 662 1710
> Fax: 831 662 1710
> -------
>
>
[1] Please no snide comments about my current provider, I am not too
pleased with them for exactly the reason you're thinking and am discussing
other options with my supervisor.