[Vpn-help] Netscreen

mgrooms mgrooms at shrew.net
Thu Jan 24 17:25:21 CST 2008


On Thu, 24 Jan 2008 17:30:37 -0500, "James Angi" <jangi at abc6.com> wrote:
> My netscreen supports restricting ports on the VPN Policy, but when I do,
> the shrew client can't establish any SAs. I assume it's because the same
> matching port restrictions aren't on the client side. With the
> netscreen-remote client you can match these settings, is there any way to
> do this with shrew?
> 

James,

The short answer is that protocol and port selection is not currently
supported by the client GUI. The long answer is that under the hood, the
IKE daemon and IPsec policy engine already support this functionality and
actually use it for specific things like DHCP over IPsec support. The
client GUI would just need to be enhanced to configure these details for a
given site configuration. There are other features that need to be properly
exposed as well such as AH, IPCOMP and Tunnel vs Transport configuration
settings. Unfortunately, I don't think this will happen until the 2.2.0
time frame.

Thanks,

-Matthew
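
The selector mismatch discussed in this thread, as an added example that is not part of the original message or of the Shrew Soft code: in IKEv1 quick mode each peer's ID payload carries a protocol ID and port next to the subnet (RFC 2407, section 4.6.2), so a client that always proposes 0/0 cannot match a gateway policy restricted to one service. The addresses, the TCP/3389 policy and the exact-match behaviour of the gateway are assumptions made for the illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

ID_IPV4_ADDR_SUBNET = 4  # ID type from RFC 2407, section 4.6.2.1


@dataclass(frozen=True)
class Selector:
    """One end of a phase 2 selector: subnet plus protocol and port (0 = any)."""
    net: str
    proto: int = 0
    port: int = 0

    def encode(self) -> bytes:
        """ID payload body: ID type, protocol ID, port, address, netmask."""
        n = ipaddress.ip_network(self.net)
        head = struct.pack("!BBH", ID_IPV4_ADDR_SUBNET, self.proto, self.port)
        return head + n.network_address.packed + n.netmask.packed


def decode(body: bytes) -> Selector:
    """Parse an ID payload body back into a Selector."""
    if len(body) != 12 or body[0] != ID_IPV4_ADDR_SUBNET:
        raise ValueError("unsupported or malformed ID payload body")
    _, proto, port = struct.unpack("!BBH", body[:4])
    addr = ipaddress.ip_address(body[4:8])
    mask = ipaddress.ip_address(body[8:12])
    return Selector(str(ipaddress.ip_network(f"{addr}/{mask}")), proto, port)


def mismatches(policy: Selector, proposed: bytes) -> list:
    """Fields where the proposed ID differs from the gateway policy.
    Assumes the gateway demands an exact match; an empty list means accept."""
    got = decode(proposed)
    return [f for f in ("net", "proto", "port")
            if getattr(policy, f) != getattr(got, f)]


# Constructed sample values: gateway policy limits the tunnel to TCP/3389.
GATEWAY_LOCAL = Selector("192.168.10.0/24", proto=6, port=3389)
CLIENT_ANY = Selector("192.168.10.0/24").encode()            # protocol 0, port 0
CLIENT_MATCHED = Selector("192.168.10.0/24", 6, 3389).encode()

if __name__ == "__main__":
    print("any/any proposal:", mismatches(GATEWAY_LOCAL, CLIENT_ANY))
    print("matched proposal:", mismatches(GATEWAY_LOCAL, CLIENT_MATCHED))
```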



