IPSectarianism

mdevney at teamsphere.com mdevney at teamsphere.com
Wed Jan 17 06:14:48 UTC 2001


On Tue, 16 Jan 2001, Dave Wardle, Critical Networks, Inc. wrote:

> Date: Tue, 16 Jan 2001 18:48:31 -0800 (PST)
> From: "Dave Wardle, Critical Networks, Inc." <dave at criticalnets.com>
> To: nanog at merit.edu
> Subject: IPSectarianism
> 
> 
> Is anyone on the list aware of Service Providers (ISP/NSP...) who DO
> block IPsec traffic, with or without informing their customers or peers?
> 
I used to work for an ISP (http://www.pilot.net) who blocked *all* traffic
except that specifically asked for, in the interests of security.  This
was spelled out in the sales contract, and in fact was a prime selling
point.  (I opened a lot of pinholes in a lot of firewalls for IPsec.)  I
imagine there are other ISPs who do the same.  

From a customer standpoint, where I am now, I would never sign on with an
ISP/NSP who filtered *any* traffic.  I can manage my own firewall thank
you very much.[1]  I pay them for network access, to get my packets from
me to elsewhere and back, not to be my guardians.  

> I'm trying to assess the pros and cons of major Enterprise Customers
> basing their entire remote office/small office/mobile network access
> strategy on some type of IPsec based VPN solution.
> 
I've been very happy with Cisco's IPsec VPNs from PIX to PIX.  They're
reasonably stable, very easy to set up, and since I'm not the one paying
12 grand + for what amounts to a 2-year-old desktop box running modified
IOS, their price is right.  Oftentimes clients simply say "Cisco?  Cool,
here's some money."  Only caveat being, you really need the failover.  

Mobile, I can't help you, sorry.


> Any thoughts?
> 
> Cheers
> Dave
> 
> -------
> Dave Wardle, Principal Consultant 
> Critical Networks, Inc.
> -------
> Email:    dave at criticalnets.com
> Homepage: www.criticalnets.com
> -------
> Cell:     831 332 1021
> Tel:      831 662 1710
> Fax:      831 662 1710
> -------
> 
> 
[1] Please no snide comments about my current provider, I am not too
pleased with them for exactly the reason you're thinking and am discussing
other options with my supervisor.




