cancel
Showing results for 
Search instead for 
Did you mean: 

IPSEC on RHEL

 
Mike_Swift
Advisor

IPSEC on RHEL

Greetings!

 

Could someone please let me know where to start with this topic "IPSEC on RHEL" ? I am really intrested in learning and knowing about this security feature. Please help, I have a test box in our company and i ould like to test this.

 

Thanks

 

Mike.

4 REPLIES
Mike_Swift
Advisor

Re: IPSEC on RHEL

Any thoughts??

 

Mike

Naj
Valued Contributor

Re: IPSEC on RHEL

Hi,

Sound interesting, please just raise your doubt and any info

Thanks

____________________________________________
:: Really appreciate if you could assign some points.
:: Don't know how to assign point? Click the KUDOS! star!
Mike_Swift
Advisor

Re: IPSEC on RHEL

I am aware of the basic IPSEC set up (host to host), I am more intrested in setting up IPSEC from a linux host via firewall, and also to a Juniper and also the cases where it needs to be terminated. So the usual stuff about linux to linux is not applicable here! Please let me know if someone has more ideas/links on this.

 

Thanks

 

Mike.

Matti_Kurkela
Honored Contributor

Re: IPSEC on RHEL

Do you understand IPSEC at the conceptual level? Do you know what Phase 1 and Phase 2 are, and can you determine what kind of IPSEC security proposals you wish to use/accept? Do you want to use IPSEC in tunnel or transport mode?

 

At least on my Debian system, I have three separate IPSEC suites available: isakmpd, openswan and racoon. Do you have any preferences on them?

 

Google is your friend: I googled for "linux ipsec interoperability juniper" and even the first hit looked like it might be useful to you.

 

If you want to configure a firewall to pass through IPSEC traffic, you just need to allow its component protocols: for basic IPSEC, you need port 500/UDP for the ISAKMP key management protocol, and protocol numbers 50 (and maybe 51) for the payload. If you need NAT traversal (NAT-T), port 4500/UDP is required.

 

To adequately answer an open question like this, a day-long lecture might be needed - and that is obviously hard to provide in a discussion forum. You might get better answers if you can nail down your requirements with more specificity. Otherwise, I must recommend that you check the IT training providers and/or universities near you for IPSEC training courses.

MK