
Re: IPSEC on RHEL

 
Mike_Swift
Advisor

IPSEC on RHEL

Greetings!

Could someone please let me know where to start with this topic "IPSEC on RHEL"? I am really interested in learning and knowing about this security feature. Please help, I have a test box in our company and I would like to test this.

Thanks

Mike.

4 REPLIES
Mike_Swift
Advisor

Re: IPSEC on RHEL

Any thoughts??

Mike

Naj
Valued Contributor

Re: IPSEC on RHEL

Hi,

Sounds interesting, please just raise your doubt and any info.

Thanks

____________________________________________
:: Really appreciate if you could assign some points.
:: Don't know how to assign point? Click the KUDOS! star!
Mike_Swift
Advisor

Re: IPSEC on RHEL

I am aware of the basic IPSEC set up (host to host), I am more interested in setting up IPSEC from a Linux host via firewall, and also to a Juniper and also the cases where it needs to be terminated. So the usual stuff about Linux to Linux is not applicable here! Please let me know if someone has more ideas/links on this.

Thanks

Mike.

Matti_Kurkela
Honored Contributor

Re: IPSEC on RHEL

Do you understand IPSEC at the conceptual level? Do you know what Phase 1 and Phase 2 are, and can you determine what kind of IPSEC security proposals you wish to use/accept? Do you want to use IPSEC in tunnel or transport mode?

At least on my Debian system, I have three separate IPSEC suites available: isakmpd, openswan and racoon. Do you have any preferences on them?

Google is your friend: I googled for "linux ipsec interoperability juniper" and even the first hit looked like it might be useful to you.

If you want to configure a firewall to pass through IPSEC traffic, you just need to allow its component protocols: for basic IPSEC, you need port 500/UDP for the ISAKMP key management protocol, and protocol numbers 50 (and maybe 51) for the payload. If you need NAT traversal (NAT-T), port 4500/UDP is required.

To adequately answer an open question like this, a day-long lecture might be needed - and that is obviously hard to provide in a discussion forum. You might get better answers if you can nail down your requirements with more specificity. Otherwise, I must recommend that you check the IT training providers and/or universities near you for IPSEC training courses.

MK
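
The firewall pass-through list in the reply above, written out as an added example that is not part of the original thread: a shell function that prints iptables FORWARD rules for 500/UDP, protocol 50, and optionally protocol 51 and 4500/UDP, scoped to one pair of peers. It assumes the firewall is a Linux box filtering forwarded traffic; the function name and the addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: prints iptables FORWARD rules; it does not apply them.
# Assumptions: the firewall is a Linux box filtering forwarded traffic, and
# the function name and addresses (documentation ranges) are constructed.

ipsec_passthrough_rules() {
    host=$1          # Linux IPsec endpoint behind the firewall
    peer=$2          # remote IPsec gateway, e.g. the Juniper device
    natt=${3:-no}    # "yes" also allows 4500/UDP for NAT traversal
    ah=${4:-no}      # "yes" also allows protocol 51 (AH)

    for dir in outbound inbound; do
        if [ "$dir" = outbound ]; then
            src=$host; dst=$peer
        else
            src=$peer; dst=$host
        fi
        # ISAKMP key management on 500/UDP
        echo "-A FORWARD -s $src -d $dst -p udp --dport 500 -j ACCEPT"
        # Protocol 50 (ESP) carries the payload
        echo "-A FORWARD -s $src -d $dst -p 50 -j ACCEPT"
        if [ "$ah" = yes ]; then
            echo "-A FORWARD -s $src -d $dst -p 51 -j ACCEPT"
        fi
        if [ "$natt" = yes ]; then
            echo "-A FORWARD -s $src -d $dst -p udp --dport 4500 -j ACCEPT"
        fi
    done
}

# Constructed sample: host 192.0.2.10 behind the firewall, peer 198.51.100.1, NAT-T on.
ipsec_passthrough_rules 192.0.2.10 198.51.100.1 yes
```

The printed lines use the rule syntax that `iptables-restore` reads, so they can be reviewed before being merged into the firewall's filter table.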